MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1aaa6368a8e5f74c470a8b932e0f6377a752ef52f64b38afa5a30564a52cc5ab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1aaa6368a8e5f74c470a8b932e0f6377a752ef52f64b38afa5a30564a52cc5ab
SHA3-384 hash: 4891caf50889572fb6c5c8b657e4353c4aa0ade6a9f739665fd4f398adbe0a6e637132b59ea3e5c7b906d75a0ec1eda2
SHA1 hash: a64dd9d2c6c6bde0aef84c6d8c3b95a6f1351cf0
MD5 hash: da46d047266e1a6a884f38d9868f8afb
humanhash: fourteen-hydrogen-illinois-magnesium
File name:datacustomer6J2124455.vbs
Download: download sample
File size:32'239 bytes
First seen:2021-06-01 22:59:09 UTC
Last seen:Never
File type:Visual Basic Script (vbs) vbs
MIME type:text/plain
ssdeep 768:Inx+p+p0I0uEx13tsteXe6JbQNRL3/VJ/mh8jNMKFLWmheXPjfKrx8:InkpkIVHstRaPurx8
TLSH D6E219B6EC472D315635A6673C820637EAF150836100A4B0BECE47CD5F7E56901EBAEE
Reporter rmceoin
Tags:vbs

Intelligence

File Origin
# of uploads :
1
# of downloads :
137
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/163894/
Detection(s):
SecuriteInfo.com.VBS.TrojanDownloader.Agent.VDK.10928.6652.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a window
Launching a process
Creating a process with a hidden window
Launching cmd.exe command interpreter
Sending a UDP request
Transferring files using the Background Intelligent Transfer Service (BITS)
Connection attempt
Result
Verdict:
UNKNOWN
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/795555
Signature
Multi AV Scanner detection for submitted file
Potential malicious VBS script found (suspicious strings)
VBScript performs obfuscated calls to suspicious functions
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 427951 Sample: datacustomer6J2124455.vbs Startdate: 02/06/2021 Architecture: WINDOWS Score: 60 43 Multi AV Scanner detection for submitted file 2->43 45 Potential malicious VBS script found (suspicious strings) 2->45 7 cscript.exe 1 2->7         started        10 wscript.exe 2->10         started        12 wscript.exe 2->12         started        process3 signatures4 47 VBScript performs obfuscated calls to suspicious functions 7->47 14 cmd.exe 1 7->14         started        17 cmd.exe 1 7->17         started        19 cmd.exe 1 7->19         started        21 conhost.exe 7->21         started        process5 dnsIp6 41 23.227.202.140, 49693, 80 HVC-ASUS United States 14->41 23 bitsadmin.exe 1 14->23         started        25 cmd.exe 1 14->25         started        27 cmd.exe 1 14->27         started        29 bitsadmin.exe 1 17->29         started        31 cmd.exe 1 17->31         started        33 cmd.exe 1 17->33         started        35 bitsadmin.exe 1 19->35         started        37 cmd.exe 1 19->37         started        39 cmd.exe 1 19->39         started        process7
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1aaa6368a8e5f74c470a8b932e0f6377a752ef52f64b38afa5a30564a52cc5ab/
Threat name:
Script.Trojan.Bits
Create hunting rule
Status:
Malicious
First seen:
2021-05-25 08:38:01 UTC
AV detection:
5 of 46 (10.87%)
Threat level:
  5/5
Verdict:
unknown
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210601-4a16wgnwds/
Behaviour
Creates scheduled task(s)
Download via BitsAdmin
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.90
Link:
https://yomi.yoroi.company/submissions/1aaa6368a8e5f74c470a8b932e0f6377a752ef52f64b38afa5a30564a52cc5ab

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Visual Basic Script (vbs) vbs 1aaa6368a8e5f74c470a8b932e0f6377a752ef52f64b38afa5a30564a52cc5ab

(this sample)

Visual Basic Script (vbs) vbs 8bcd7b55aedae9851b12c98228344807ba8df431fd2a3a5090a20662c5c95385

  
Link
http://ooo-usadba.ru/admin/infodata.php?r=bD1odHRwOi8vcGlvbGljYW5jaGVyaW5pLmNvbS5ici9mbGl0Y2gucGhwJnY3PUNRdEZYdzFMUWc5Q1JUZ1JUUmxBVlFsREVrMUFRQVlERGc9PQ==
  
Dropping
SHA256 8bcd7b55aedae9851b12c98228344807ba8df431fd2a3a5090a20662c5c95385
  
Delivery method
Distributed via e-mail link
Cape
Cape
https://www.capesandbox.com/analysis/163894/

Comments