
Retrieve All Scans For Given Hash

Get all the scans for the specified hash.

Parameters

| Parameter | Description |
| --- | --- |
| Scan Hash | The scan hash to search by. |

The hash can be found on the Latest Submissions page, in the SHA256 field.

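Example Output

The response is a JSON array of scan reports. String fields such as `submit_name` and the `description` of each entry in `signatures` contain text taken from the submitted file, so treat them as untrusted data when forwarding or rendering the results.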

[
{
"classification_tags": [
"evasive",
"njrat",
"stealer"
],
"tags": [
"evasive",
"njrat",
"stealer"
],
"submissions": [
{
"submission_id": "63dd5e062d9e377060288eab",
"filename": "b927e7cfeada375ee4a262d0b761bf8f07c97bbed476fcb991f06816004b6e93",
"url": null,
"created_at": "2023-02-03T19:18:30+00:00"
}
],
"machine_learning_models": [],
"crowdstrike_ai": null,
"job_id": "63dd5e062d9e377060288eaa",
"environment_id": 160,
"environment_description": "Windows 10 64 bit",
"size": 381952,
"type": "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows",
"type_short": [
"peexe",
"assembly",
"executable"
],
"target_url": null,
"state": "SUCCESS",
"error_type": null,
"error_origin": null,
"submit_name": "b927e7cfeada375ee4a262d0b761bf8f07c97bbed476fcb991f06816004b6e93",
"md5": "9d28b5e6020f1bd5f4b9bbca7405a5bd",
"sha1": "5e03f35f168cbfe38e959ba7193e156c5dd224ca",
"sha256": "b927e7cfeada375ee4a262d0b761bf8f07c97bbed476fcb991f06816004b6e93",
"sha512": "b610c80ef90f45f34710461ee40c0abc06ceb93e4919ac3b438f9834946e8f3669c44a2924bf7bc6a4cc8159d686dbfc252c5073dae1faa8ac46fe6ccedc14b5",
"ssdeep": "6144:78XN6W8mmHPtppXPSi9b4Gy4r9FENM8UJLh6EFGUiYMuCE2y:wN6qatppXPlRnEKHRAeGUtQE",
"imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
"entrypoint": "0x42bd4e",
"entrypoint_section": ".text",
"image_base": "0x400000",
"subsystem": "Windows Gui",
"image_file_characteristics": [
"EXECUTABLE_IMAGE",
"LARGE_ADDRESS_AWARE"
],
"dll_characteristics": [
"NO_SEH",
"TERMINAL_SERVER_AWARE",
"DYNAMIC_BASE",
"NX_COMPAT",
"HIGH_ENTROPY_VA"
],
"major_os_version": 4,
"minor_os_version": 0,
"av_detect": 77,
"vx_family": "IL:Trojan.MSILZilla",
"url_analysis": false,
"analysis_start_time": "2023-02-03T19:18:31+00:00",
"threat_score": 100,
"interesting": false,
"threat_level": 2,
"verdict": "malicious",
"certificates": [],
"domains": [],
"compromised_hosts": [],
"hosts": [],
"total_network_connections": 0,
"total_processes": 1,
"total_signatures": 76,
"extracted_files": [],
"file_metadata": null,
"processes": [],
"mitre_attcks": [
{
"tactic": "Execution",
"technique": "Native API",
"attck_id": "T1106",
"attck_id_wiki": "https://attack.mitre.org/techniques/T1106",
"malicious_identifiers_count": 0,
"malicious_identifiers": [],
"suspicious_identifiers_count": 0,
"suspicious_identifiers": [],
"informative_identifiers_count": 3,
"informative_identifiers": [],
"parent": null
},
{
"tactic": "Execution",
"technique": "Windows Management Instrumentation",
"attck_id": "T1047",
"attck_id_wiki": "https://attack.mitre.org/techniques/T1047",
"malicious_identifiers_count": 0,
"malicious_identifiers": [],
"suspicious_identifiers_count": 1,
"suspicious_identifiers": [],
"informative_identifiers_count": 1,
"informative_identifiers": [],
"parent": null
}
],
"network_mode": "default",
"signatures": [
{
"threat_level": 0,
"threat_level_human": "informative",
"category": "General",
"identifier": "static-99",
"type": 0,
"relevance": 1,
"name": "Contains ability to download files from the internet",
"description": "Observed function downloadfile in b927e7cfeada375ee4a262d0b761bf8f07c97bbed476fcb991f06816004b6e93.bin",
"origin": "Static Parser",
"attck_id": "T1105",
"capec_id": null,
"attck_id_wiki": "https://attack.mitre.org/techniques/T1105"
},
{
"threat_level": 0,
"threat_level_human": "informative",
"category": "General",
"identifier": "string-135",
"type": 2,
"relevance": 1,
"name": "Found well known domains (string)",
"description": "\"mhttps://github.com/LimerBoy/StormKitty\" (Indicator: \"github.com\")",
"origin": "String",
"attck_id": null,
"capec_id": null,
"attck_id_wiki": null
}
]
}
]

Workflow Library Example

Retrieve All Scans for Given Hash with Hybrid Analysis and Send Results Via Email
