MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0fa841c1e599d2972006a04ccb61a1c2cd8139db2af6b59d396c2a8cb5d3cbae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 0fa841c1e599d2972006a04ccb61a1c2cd8139db2af6b59d396c2a8cb5d3cbae
SHA3-384 hash: 9456e38a29d7fe6837c9ca585ac6bc5c59afef956f252730c410577ba7408b5f33ada764344c778e4726dc4784489d00
SHA1 hash: 8fb8363f1336479b508072e7f21a5995b9abc172
MD5 hash: bf88b774aa442fdecc5e8f10d9476111
humanhash: california-alaska-harry-virginia
File name: vodafone_21.vbe
File size: 211 bytes
First seen: 2022-01-21 06:48:07 UTC
Last seen: Never
File type: Visual Basic Script (vbe) vbe
MIME type: application/octet-stream
ssdeep: 6:GhPhDFgZrsxROM2iT9OnCxAV8qZ2aKTSMpmxItFn:GhPh+tsXxOnB7Z2BTSMpftFn
TLSH: T167D0235D75D540C53645374D6B13BC34AC0D35048414C11FF0496827510475FD10DB06
Reporter: JAMESWT_WT
Tags: pw vodafone vbe vodafone

Intelligence


File Origin
# of uploads: 1
# of downloads: 206
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Threat name: Script.Trojan.Heuristic
Status: Malicious
First seen: 2022-01-21 06:49:08 UTC
File Type: Binary
Extracted files: 1
AV detection: 4 of 42 (9.52%)
Threat level: 2/5
Result
Malware family: n/a
Score: 8/10
Tags: persistence
Behaviour
Modifies data under HKEY_USERS
Suspicious behavior: CmdExeWriteProcessMemorySpam
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Sets service image path in registry
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
