Get all the scans for the specified hash.
External Documentation: To learn more, visit the Hybrid Analysis documentation.

Parameters

Parameter | Description
Scan Hash | The hash value to search for. Supported formats are MD5, SHA1, SHA256, or SHA512.

You can find the hash value in the SHA256 field on the Latest Submissions page.

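Example Output

The output is a JSON array; in this example it holds a single scan object. String fields such as the signature "description" values contain text extracted from the analyzed sample, so later workflow steps should handle them as untrusted data rather than as links or markup.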

[
	{
		"classification_tags": [
			"evasive",
			"njrat",
			"stealer"
		],
		"tags": [
			"evasive",
			"njrat",
			"stealer"
		],
		"submissions": [
			{
				"submission_id": "63dd5e062d9e377060288eab",
				"filename": "b927e7cfeada375ee4a262d0b761bf8f07c97bbed476fcb991f06816004b6e93",
				"url": null,
				"created_at": "2023-02-03T19:18:30+00:00"
			}
		],
		"machine_learning_models": [],
		"crowdstrike_ai": null,
		"job_id": "63dd5e062d9e377060288eaa",
		"environment_id": 160,
		"environment_description": "Windows 10 64 bit",
		"size": 381952,
		"type": "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows",
		"type_short": [
			"peexe",
			"assembly",
			"executable"
		],
		"target_url": null,
		"state": "SUCCESS",
		"error_type": null,
		"error_origin": null,
		"submit_name": "b927e7cfeada375ee4a262d0b761bf8f07c97bbed476fcb991f06816004b6e93",
		"md5": "9d28b5e6020f1bd5f4b9bbca7405a5bd",
		"sha1": "5e03f35f168cbfe38e959ba7193e156c5dd224ca",
		"sha256": "b927e7cfeada375ee4a262d0b761bf8f07c97bbed476fcb991f06816004b6e93",
		"sha512": "b610c80ef90f45f34710461ee40c0abc06ceb93e4919ac3b438f9834946e8f3669c44a2924bf7bc6a4cc8159d686dbfc252c5073dae1faa8ac46fe6ccedc14b5",
		"ssdeep": "6144:78XN6W8mmHPtppXPSi9b4Gy4r9FENM8UJLh6EFGUiYMuCE2y:wN6qatppXPlRnEKHRAeGUtQE",
		"imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
		"entrypoint": "0x42bd4e",
		"entrypoint_section": ".text",
		"image_base": "0x400000",
		"subsystem": "Windows Gui",
		"image_file_characteristics": [
			"EXECUTABLE_IMAGE",
			"LARGE_ADDRESS_AWARE"
		],
		"dll_characteristics": [
			"NO_SEH",
			"TERMINAL_SERVER_AWARE",
			"DYNAMIC_BASE",
			"NX_COMPAT",
			"HIGH_ENTROPY_VA"
		],
		"major_os_version": 4,
		"minor_os_version": 0,
		"av_detect": 77,
		"vx_family": "IL:Trojan.MSILZilla",
		"url_analysis": false,
		"analysis_start_time": "2023-02-03T19:18:31+00:00",
		"threat_score": 100,
		"interesting": false,
		"threat_level": 2,
		"verdict": "malicious",
		"certificates": [],
		"is_certificates_valid": null,
		"certificates_validation_message": null,
		"domains": [],
		"compromised_hosts": [],
		"hosts": [],
		"total_network_connections": 0,
		"total_processes": 1,
		"total_signatures": 76,
		"extracted_files": [],
		"file_metadata": null,
		"processes": [],
		"mitre_attcks": [
			{
				"tactic": "Execution",
				"technique": "Native API",
				"attck_id": "T1106",
				"attck_id_wiki": "https://attack.mitre.org/techniques/T1106",
				"malicious_identifiers_count": 0,
				"malicious_identifiers": [],
				"suspicious_identifiers_count": 0,
				"suspicious_identifiers": [],
				"informative_identifiers_count": 3,
				"informative_identifiers": [],
				"parent": null
			},
			{
				"tactic": "Execution",
				"technique": "Windows Management Instrumentation",
				"attck_id": "T1047",
				"attck_id_wiki": "https://attack.mitre.org/techniques/T1047",
				"malicious_identifiers_count": 0,
				"malicious_identifiers": [],
				"suspicious_identifiers_count": 1,
				"suspicious_identifiers": [],
				"informative_identifiers_count": 1,
				"informative_identifiers": [],
				"parent": null
			}
		],
		"network_mode": "default",
		"signatures": [
			{
				"threat_level": 0,
				"threat_level_human": "informative",
				"category": "General",
				"identifier": "static-99",
				"type": 0,
				"relevance": 1,
				"name": "Contains ability to download files from the internet",
				"description": "Observed function downloadfile in b927e7cfeada375ee4a262d0b761bf8f07c97bbed476fcb991f06816004b6e93.bin",
				"origin": "Static Parser",
				"attck_id": "T1105",
				"capec_id": null,
				"attck_id_wiki": "https://attack.mitre.org/techniques/T1105"
			},
			{
				"threat_level": 0,
				"threat_level_human": "informative",
				"category": "General",
				"identifier": "string-135",
				"type": 2,
				"relevance": 1,
				"name": "Found well known domains (string)",
				"description": "\"mhttps://github.com/LimerBoy/StormKitty\" (Indicator: \"github.com\")",
				"origin": "String",
				"attck_id": null,
				"capec_id": null,
				"attck_id_wiki": null
			}
		]
	}
]

Workflow Library Example

Retrieve All Scans for Given Hash with Hybrid Analysis and Send Results Via Email