MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e7fd7393fe93ff7529e49f1f340e201eb772c022c4e2227f1ee23b7e57e6afc4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e7fd7393fe93ff7529e49f1f340e201eb772c022c4e2227f1ee23b7e57e6afc4
SHA3-384 hash: b13883e8dfb2754999217ef77b51478fd42d1e4f0c8c818946dd663693315791b1e27b8aa754a27dd1645708ec98ea27
SHA1 hash: e13aeaa74ebd7145cc2e71c08a846b238a20a710
MD5 hash: 171c7ebc0feaede321440ff043f744c2
humanhash: butter-floor-helium-india
File name:ps.ps1
Download: download sample
File size:44 bytes
First seen:2026-04-28 12:30:29 UTC
Last seen:Never
File type:PowerShell (PS) ps1
MIME type:text/plain
ssdeep 3:VSJJFIqF1F65IFihA:s8qF1FEhA
TLSH TNULL
Magika batch
Reporter JAMESWT_WT
Tags:booking nisuwyyyqsafdas-com ps1 yc-scm-com

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
IT IT
Vendor Threat Intelligence
No detections
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
obfuscated powershell soft-404
Link:
https://www.filescan.io/uploads/69f0a8728a82359247b76b25/reports/56f6fed7-5e57-40d2-bec1-34d42d28b967/overview
Verdict:
Suspicious
Labled as:
TrojanDownloader/PS.Agent
Link:
https://www.hybrid-analysis.com/sample/e7fd7393fe93ff7529e49f1f340e201eb772c022c4e2227f1ee23b7e57e6afc4
Verdict:
Malicious
File Type:
ps1
First seen:
2026-04-28T09:46:00Z UTC
Last seen:
2026-04-28T12:16:00Z UTC
Hits:
~100
Detections:
Trojan.PowerShell.Cobalt.sb Trojan.MSIL.Donut.sb Backdoor.MSIL.Agent.sb Trojan.PowerShell.Persik.sbr Trojan-Spy.Agent.HTTP.C&C Trojan-PSW.Win32.Coins.sb Backdoor.Agent.HTTP.C&C Trojan.Win32.Shellcode.sb Trojan.Win32.Agent.sb Trojan-PSW.Win32.Stealer.sb Trojan-PSW.MSIL.Stealer.sb Trojan.PowerShell.Agent.sb Trojan-Dropper.Win32.Injector.sb Backdoor.Win32.Androm.sb NetTool.PowerShellUA.HTTP.C&C NetTool.PowerShellGet.HTTP.C&C
Link:
https://opentip.kaspersky.com/e7fd7393fe93ff7529e49f1f340e201eb772c022c4e2227f1ee23b7e57e6afc4/results?tab=lookup
Score:
3%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/e7fd7393fe93ff7529e49f1f340e201eb772c022c4e2227f1ee23b7e57e6afc4
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e7fd7393fe93ff7529e49f1f340e201eb772c022c4e2227f1ee23b7e57e6afc4/
Verdict:
Malicious
Threat:
Trojan.PowerShell.Cobalt
Link:
https://tip.neiki.dev/file/e7fd7393fe93ff7529e49f1f340e201eb772c022c4e2227f1ee23b7e57e6afc4
Result
Malware family:
n/a
Score:
  8/10
Tags:
execution
Link:
https://tria.ge/reports/260428-ppv8madt6n/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Command and Scripting Interpreter: PowerShell
Badlisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/e7fd7393fe93ff7529e49f1f340e201eb772c022c4e2227f1ee23b7e57e6afc4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments