MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f655c276abb6f67aa3d279e0a33fa654c6924e126bdaf2493f5371b698811a4a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f655c276abb6f67aa3d279e0a33fa654c6924e126bdaf2493f5371b698811a4a
SHA3-384 hash: f96921de7ef16a3949b620750e5ae6e4256c0665f2edfd8d9ae6793f0ddf9eef7d1fa2e155b6ba8885daca43a030a40f
SHA1 hash: 81b38b5fc1a8c284b314bf8c4c427ea6ed97d26b
MD5 hash: 03ddb545117f17e2ef5038b28653aad9
humanhash: massachusetts-massachusetts-alanine-twelve
File name:Cisco-Secure-Client.bat
Download: download sample
File size:1'675 bytes
First seen:2025-12-30 19:01:42 UTC
Last seen:Never
File type:Batch (bat) bat
MIME type:text/plain
ssdeep 24:AJeTwYSqP/QLfCkjggsS+AZLi6M90SocwTsDn2DOIRi1ICyhERLKvX04+OGPqP9n:9PdO/chCOfiE884JGPW+Nbf1O
TLSH T16331E18F1C0615FA0FB558961B682DDEA24FEB82F362D1CC7A494444F84C2D6447CA7F
Magika batch
Reporter smica83
Tags:bat

Intelligence

File Origin
# of uploads :
1
# of downloads :
48
Origin country :
HU HU
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
_f655c276abb6f67aa3d279e0a33fa654c6924e126bdaf2493f5371b698811a4a.txt
Verdict:
Malicious activity
Analysis date:
2025-12-30 19:04:02 UTC
Tags:
wmi-base64 evasion powershell
Link:
https://app.any.run/tasks/209db22e-d050-46d7-9d37-e242e2bc54ce

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/46598/
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=695422227d915bf1778f1164
Tags:
n/a
Verdict:
Unknown
Threat level:
  2.5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/695421b8127d6a14e0c8e637/reports/b7aabb49-6cd6-470e-ac1e-5960406af3cf/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/f655c276abb6f67aa3d279e0a33fa654c6924e126bdaf2493f5371b698811a4a
Result
Gathering data
Verdict:
Malicious
File Type:
cmd
Detections:
Trojan.BAT.Qbot.sb
Link:
https://opentip.kaspersky.com/f655c276abb6f67aa3d279e0a33fa654c6924e126bdaf2493f5371b698811a4a/results?tab=lookup
Result
Threat name:
n/a
Detection:
malicious
Classification:
bank.troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1842245
Signature
Antivirus detection for URL or domain
Bypasses PowerShell execution policy
Encrypted powershell cmdline option found
Found suspicious powershell code related to unpacking or dynamic code loading
Joe Sandbox ML detected suspicious sample
Loading BitLocker PowerShell Module
Malicious encrypted Powershell command line found
Malicious sample detected (through community Yara rule)
Performs DNS queries to domains with low reputation
PowerShell case anomaly found
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Suspicious Encoded PowerShell Command Line
Sigma detected: Suspicious PowerShell Encoded Command Patterns
Sigma detected: Suspicious PowerShell Parameter Substring
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1842245 Sample: Cisco-Secure-Client.bat Startdate: 30/12/2025 Architecture: WINDOWS Score: 100 44 ptk2.xyz 2->44 46 lebrinw.icu 2->46 48 2 other IPs or domains 2->48 60 Malicious sample detected (through community Yara rule) 2->60 62 Antivirus detection for URL or domain 2->62 64 Sigma detected: Suspicious PowerShell Encoded Command Patterns 2->64 68 3 other signatures 2->68 9 cmd.exe 1 2->9         started        signatures3 66 Performs DNS queries to domains with low reputation 44->66 process4 signatures5 72 Malicious encrypted Powershell command line found 9->72 74 Encrypted powershell cmdline option found 9->74 76 PowerShell case anomaly found 9->76 12 powershell.exe 14 22 9->12         started        15 curl.exe 1 9->15         started        18 cmd.exe 1 9->18         started        20 conhost.exe 9->20         started        process6 dnsIp7 78 Malicious encrypted Powershell command line found 12->78 80 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 12->80 82 Encrypted powershell cmdline option found 12->82 84 2 other signatures 12->84 22 powershell.exe 26 12->22         started        26 powershell.exe 31 12->26         started        28 powershell.exe 13 12->28         started        30 powershell.exe 13 12->30         started        56 lebrinw.icu 104.21.53.219, 443, 49692, 49695 CLOUDFLARENETUS United States 15->56 58 127.0.0.1 unknown unknown 15->58 32 curl.exe 1 18->32         started        signatures8 process9 dnsIp10 50 ptk2.xyz 88.119.175.84, 443, 49706 IST-ASLT Lithuania 22->50 52 baser22.online 194.15.113.210, 443, 49697, 49700 INTERNATIONAL-HOSTING-SOLUTIONS-ASEUDCrouteGB Ukraine 22->52 54 ifconfig.me 34.160.111.145, 443, 49698 ATGS-MMD-ASUS United States 22->54 70 Loading BitLocker PowerShell Module 22->70 34 conhost.exe 22->34         started        36 conhost.exe 26->36         started        38 quser.exe 1 26->38         started        40 conhost.exe 28->40         started        42 conhost.exe 30->42         started        signatures11 process12
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/f655c276abb6f67aa3d279e0a33fa654c6924e126bdaf2493f5371b698811a4a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f655c276abb6f67aa3d279e0a33fa654c6924e126bdaf2493f5371b698811a4a/
Verdict:
Malicious
Threat:
Trojan.BAT.Qbot
Link:
https://tip.neiki.dev/file/f655c276abb6f67aa3d279e0a33fa654c6924e126bdaf2493f5371b698811a4a
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6zk4e5vlw33hvi6sphqkgp5gktdjetqsnpnpesj7kny3ngebdjfa._file
Gathering data
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/46598/

Comments