MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f2afd46cfef3883fc858ca7b7730d4d6ee56a7aedbdb1b1f7bda7dba054f489e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f2afd46cfef3883fc858ca7b7730d4d6ee56a7aedbdb1b1f7bda7dba054f489e
SHA3-384 hash: 2d28e65a4b44ad65408bf0c1b697bd10640dd28d7e7c867cbcaa59c979fdac8372867da4c191dd6c2ce7c4f12f03c9c0
SHA1 hash: e13afb4c3485e8627989939796b53e894d52b1d7
MD5 hash: e522c89466007da3839891809688576e
humanhash: hotel-indigo-quebec-wyoming
File name:soc.ps1
Download: download sample
File size:8'105 bytes
First seen:2023-05-22 18:28:53 UTC
Last seen:Never
File type:PowerShell (PS) ps1
MIME type:text/plain
ssdeep 192:R56pQXAhsUs+cn7FiT/ib33NoRbT6IjrliyK:RwpQXAhsUs+2FiT/ib33NogIj4yK
TLSH T17BF1A8175FFFBBB902839BF8CED99478E779483A33D9A814790DC484705499C40BE8A5
Reporter captainGeech
Tags:ps1 SystemBC systembc.powershell

Intelligence

File Origin
# of uploads :
1
# of downloads :
244
Origin country :
US US
Vendor Threat Intelligence
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/646bb46f642a967932809f97/reports/7520e7df-6500-4398-b369-da18d81c3017/overview
Verdict:
Malicious
Link:
https://www.hybrid-analysis.com/sample/f2afd46cfef3883fc858ca7b7730d4d6ee56a7aedbdb1b1f7bda7dba054f489e
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
3 / 100
Link:
https://www.joesandbox.com/analysis/1239947
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f2afd46cfef3883fc858ca7b7730d4d6ee56a7aedbdb1b1f7bda7dba054f489e/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6kx5i3h66oed7scyzj5xomgu23xfnj5o3pnrwh333j63ubkpjcpa._file
Verdict:
unknown
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/230522-w4ww2acg3s/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Blocklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.71
Link:
https://yomi.yoroi.company/submissions/f2afd46cfef3883fc858ca7b7730d4d6ee56a7aedbdb1b1f7bda7dba054f489e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments