MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ea455824ada64047aba9990bfa8825e807ebbd40bf21617faf0b3460af2a8ffe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 7

SHA256 hash: ea455824ada64047aba9990bfa8825e807ebbd40bf21617faf0b3460af2a8ffe
SHA3-384 hash: 2c191aaff44789791f46242db65c564783874bd88ef6cccefc833c8bedde433faad571fd92be3456307c658fb756be56
SHA1 hash: 7d7bcbeffe65329c3df6f4c0904efc6ddc4a4c0e
MD5 hash: 9bb4d742b0b1cf89fa2f3ce58ed4ce84
humanhash: three-dakota-monkey-alpha
File name: ps.ps1
File size: 177 bytes
First seen: 2026-01-29 06:39:13 UTC
Last seen: Never
File type: PowerShell (PS) ps1
MIME type: text/plain
ssdeep: 3:pF4hWAypXcmJh4kTMxLQSKGNEjR6GCquh4kqm6h4kmDrT6h4kpGUE:pFWHy1ZHDaELpuHMHmOHu
Threatray: 19 similar samples on MalwareBazaar
TLSH: T1DFC012FF101880AAE65AC089B2202841668C40CCE60BCC34A6080CAA12B087888DBA2A
Magika: batch
Reporter: JAMESWT_WT
Tags: 91-215-85-119 booking jeg238r7staf378s kakapupuneww-com ps1

Intelligence

File Origin
# of uploads: 1
# of downloads: 62
Origin country: IT

Vendor Threat Intelligence

No detections

Verdict: Malicious
Score: 92.5%
Tags: micro overt sage

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: evasive obfuscated

Verdict: Malicious
File Type: text
First seen: 2026-01-29T12:09:00Z UTC
Last seen: 2026-01-29T12:54:00Z UTC
Hits: ~10
Detections: Trojan-Downloader.BAT.Agent.abfc

Gathering data

Result
Malware family: n/a
Score: 7/10
Tags: execution persistence spyware stealer
Behaviour:
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Command and Scripting Interpreter: PowerShell
Enumerates physical storage devices
Suspicious use of NtSetInformationThreadHideFromDebugger
Accesses cryptocurrency files/wallets, possible credential harvesting
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments