MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 14448088ae4dd96af8de65e81abbfbdd5493f380e218f8389d2110d1cfbf8299. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 14448088ae4dd96af8de65e81abbfbdd5493f380e218f8389d2110d1cfbf8299
SHA3-384 hash: 0fa156b455a2c3c42fe947b4b58e70b7cac00bbf646554c969a0135ae29fd547fba935a0933a58e87c68b345d5c0bc67
SHA1 hash: 237299fd36053551c81d3ab4d789bb8ef33ecd31
MD5 hash: 64ae32743ef0832c5d86893d301dc960
humanhash: arizona-connecticut-missouri-black
File name:Property.vbs
Download: download sample
File size:1'132 bytes
First seen:2021-08-02 18:05:03 UTC
Last seen:Never
File type:Visual Basic Script (vbs) vbs
MIME type:text/plain
ssdeep 24:APcmi+r3ibiLzeArpIqmnAMvAN5STD69P1EI3SDKV:rt+biOLz5rK/AN5SPc1EI3D
Threatray 81 similar samples on MalwareBazaar
TLSH T1282100203A0BF1359049E3C69DBE9A35F2AB6266C5604485323DC199907B5EE28C3ECE
Reporter abuse_ch
Tags:vbs

Intelligence

File Origin
# of uploads :
1
# of downloads :
121
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/175861/
Result
Verdict:
UNKNOWN
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/825675
Signature
Creates an undocumented autostart registry key
Obfuscated command line found
Sigma detected: Suspicious PowerShell Command Line
VBScript performs obfuscated calls to suspicious functions
Wscript starts Powershell (via cmd or directly)
Yara detected Powershell download and execute
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/14448088ae4dd96af8de65e81abbfbdd5493f380e218f8389d2110d1cfbf8299/
Threat name:
Script.Downloader.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2021-08-02 18:05:10 UTC
AV detection:
2 of 46 (4.35%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=crcibcfojxmwv6g6mxubvo733vkjh44a4impqoe5eeindt57qkmq._file
Verdict:
suspicious
Similar samples:
1b34eb8148662e0e7c52c0e316f01fd396e72a115d143868bc3cdc474b8ae01e
2b4fcba2cacdd48089b43c746a24cda262ee87db830bd9aaf9ee82f5cb900de5
416f3b7993ceaa6819402c66c9b2de0a4de163cd9765dd8dffe81cdbab538c48
59c0a91faf884e242be0d2384d94eba2536a8f155ae568355eed225f2543176e
66af5edcb0b90924a25f4cf764ae81eb754b58da9bde404761f48eafd1ead410
8c9d614da4ea17f4261a105adbe73992c0df1f5639310f78db244fdf3fe338fe
a550fdbbfd0b9b50ebff8877004ffa9914d0587c618389332c1c70a7b5b8bf0e
d9d27f03e2f8bc97451296da9a7ddeac39ede3240306fa198bf898434b58c53c
df047189f75d998dc499072881c762fd001360f5cf184b801cb8c232b5c567f6
+ 71 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
suricata
Link:
https://tria.ge/reports/210802-53vh8e2g4a/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: AddClipboardFormatListener
Enumerates physical storage devices
Program crash
Suspicious use of SetThreadContext
Blocklisted process makes network request
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
Malware Config
Dropper Extraction:
https://ia601405.us.archive.org/15/items/bbb_bypass/bbb_bypass.txt
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/14448088ae4dd96af8de65e81abbfbdd5493f380e218f8389d2110d1cfbf8299

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Visual Basic Script (vbs) vbs 14448088ae4dd96af8de65e81abbfbdd5493f380e218f8389d2110d1cfbf8299

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/175861/

Comments