471faa43f4811a0250648d586cb3eebf
Hash
- MD5: 471faa43f4811a0250648d586cb3eebf
- SHA1: 1527e74b89c59e6f19f2f082a49098fdee94f329
- SHA256: dbabe32a48e1aaeaaa761ec09c8bc59e82decf13361e392a8d9b7c4f82d58cd9
- First Seen: 2026-05-15
- Last Seen: 2026-05-15
- Related Reports: 1
- Related IOCs: 0
Additional Information
MalwareBazaar
{
"query_status": "ok",
"data": [
{
"sha256_hash": "dbabe32a48e1aaeaaa761ec09c8bc59e82decf13361e392a8d9b7c4f82d58cd9",
"sha3_384_hash": "0fca5a10a8bfc6a8478529ede147a09c27b23c4fbb1c5da3401c67e1dc81b108be2da1674c13953467eaf110d8c333f6",
"sha1_hash": "1527e74b89c59e6f19f2f082a49098fdee94f329",
"md5_hash": "471faa43f4811a0250648d586cb3eebf",
"first_seen": "2026-03-31 05:36:23",
"last_seen": null,
"file_name": "bpvme.ps1",
"file_size": 3002,
"file_type_mime": "text/plain",
"file_type": "ps1",
"file_format": null,
"file_arch": null,
"reporter": "KodaDr",
"origin_country": "RU",
"anonymous": 0,
"signature": "Kimsuky",
"imphash": null,
"tlsh": "T1BA51F114B35AC681C056C7BBCEE97D1BA135048FBD105A3880EB5E4CF9B553EC8E61DA",
"telfhash": null,
"gimphash": null,
"ssdeep": "48:s7Bkj7BFBJtBazgI7wA9tc/9EDM9VqWxMT4b+i/se+iNnLF3bXckMTE7pWd3HmXJ:s7+j7j3tiTsA9tc/9DVqWx+4bJ/seJh5",
"magika": "powershell",
"dhash_icon": null,
"trid": null,
"comment": null,
"archive_pw": null,
"tags": [
"Kimsuky",
"PowerShell",
"ps1"
],
"code_sign": null,
"delivery_method": null,
"intelligence": {
"clamav": [
"SecuriteInfo.com.PwrSh.Kimsuky-S.79122485.UNOFFICIAL"
],
"downloads": "101",
"uploads": "1",
"mail": null
},
"file_information": null,
"ole_information": [],
"yara_rules": [
{
"rule_name": "detect_powershell",
"author": "daniyyell",
"description": "Detects suspicious PowerShell activity related to malware execution",
"reference": null
},
{
"rule_name": "FreddyBearDropper",
"author": "Dwarozh Hoshiar",
"description": "Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.",
"reference": null
}
],
"vendor_intel": {
"CERT-PL_MWDB": {
"detection": null,
"link": "https://mwdb.cert.pl/sample/dbabe32a48e1aaeaaa761ec09c8bc59e82decf13361e392a8d9b7c4f82d58cd9/"
},
"YOROI_YOMI": {
"detection": "Malicious File",
"score": "0.90"
},
"Triage": {
"malware_family": null,
"score": "8",
"link": "https://tria.ge/reports/260331-gbae1ah12s/",
"tags": [
"execution"
],
"signatures": [
{
"signature": "Badlisted process makes network request",
"score": "8"
},
{
"signature": "Deletes itself",
"score": "7"
},
{
"signature": "Command and Scripting Interpreter: PowerShell",
"score": "3"
},
{
"signature": "Suspicious behavior: EnumeratesProcesses",
"score": null
},
{
"signature": "Suspicious use of AdjustPrivilegeToken",
"score": null
}
],
"malware_config": []
},
"ReversingLabs": {
"threat_name": "Script-PowerShell.Backdoor.Kimsuky",
"status": "MALICIOUS",
"first_seen": "2026-03-30 23:43:01",
"scanner_count": "36",
"scanner_match": "2",
"scanner_percent": "5.56"
},
"Spamhaus_HBL": [
{
"detection": "suspicious",
"link": "https://www.spamhaus.org/hbl/"
}
],
"FileScan-IO": {
"verdict": "MALICIOUS",
"threatlevel": "1.0",
"confidence": "1.0",
"report_link": "https://www.filescan.io/uploads/69cb5d8e2346b9da57b2592e/reports/2e67f05b-4d4f-474c-90db-a5c102a65138/overview"
},
"Kaspersky": {
"verdict": "Malware",
"file_type": "ps1",
"first_seen": "2026-03-30T21:40:00Z",
"last_seen": "2026-03-31T02:42:00Z",
"hitscount": 10,
"report_link": "https://opentip.kaspersky.com/dbabe32a48e1aaeaaa761ec09c8bc59e82decf13361e392a8d9b7c4f82d58cd9/results?tab=lookup",
"detections": [
"Trojan.PowerShell.Agent.sb"
]
}
},
"comments": null
}
]
}