MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eebf592f1161b2170c9dcc5d2378d11b30e8f47943bf0699898287199e8018bb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: eebf592f1161b2170c9dcc5d2378d11b30e8f47943bf0699898287199e8018bb
SHA3-384 hash: 967117226fd87e4e231d5b31955eec04f9f794736aed105641c223e4bd0ac077617a154b58546028d61a051e5c888e50
SHA1 hash: ea4413893d12f2ceddf9239482d6f697fbea044e
MD5 hash: 943087d3d67af8e02365a42ff54561e2
humanhash: west-monkey-early-cola
File name: file
File size: 778 bytes
First seen: 2026-02-21 01:52:32 UTC
Last seen: 2026-02-21 01:56:20 UTC
File type: Batch (bat)
MIME type: text/x-msdos-batch
ssdeep: 12:wnhtEc9WXWB5o3+qsdKYMFKIeofNtQeoJ+y6AeofLz7eoBAhBeoB+yMNleoDIbOt:wnEc92WBq3rsLMn6z6WLzCzIhq67ou3
TLSH: T11E0161DA374A51D221A247846EBD048FEF1E820B1E41EC40BD1EB6647C18EE77E1E142
Magika: batch
Reporter: Bitsight
Tags: bat dropped-by-amadey fbf543


Bitsight
url: http://130.12.180.43/files/6431051653/64TW6hJ.bat

Intelligence


File Origin
# of uploads: 12
# of downloads: 120
Origin country: US
Vendor Threat Intelligence
Malware configuration found for: BatchScript
Details:
BatchScript: varying reportable information from embedded commands and any observed URLs

Verdict: Malicious
Score: 92.5%
Tags: shell spawn sage

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: expand fingerprint lolbin msiexec timeout wscript

Result
Malware family: n/a
Score: 7/10
Tags: defense_evasion discovery installer persistence privilege_escalation spyware stealer
Behaviour
Checks processor information in registry
Delays execution with timeout.exe
Enumerates system info in registry
Modifies data under HKEY_USERS
Modifies registry class
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Inno Setup is an open-source installation builder for Windows applications.
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
System Time Discovery
Drops file in Program Files directory
Drops file in Windows directory
Subvert Trust Controls: Mark-of-the-Web Bypass
Suspicious use of SetThreadContext
Adds Run key to start application
Drops desktop.ini file(s)
Enumerates connected drives
Checks computer location settings
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
Reads user/profile data of web browsers
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Batch (bat) eebf592f1161b2170c9dcc5d2378d11b30e8f47943bf0699898287199e8018bb (this sample)
Dropped by: Amadey
Delivery method: Distributed via web download
