MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 26c09b99ccf20a046c2dc963395465b7bf5c4b58de0d859a2a00521c4c8b489d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 26c09b99ccf20a046c2dc963395465b7bf5c4b58de0d859a2a00521c4c8b489d
SHA3-384 hash: 61eba9e8ccc1177637cbdd41f562a6d570af173471d2deb500b27df7d8542802cc75d594d526ff8991932ac08ae81237
SHA1 hash: a7e3a62d4f67df871e5d7efb86091423317fd6f3
MD5 hash: 75d8998bce4042d50caec8af23774de8
humanhash: steak-glucose-eighteen-lamp
File name:wejustgivenbestpeopelswithbetterthaneverbeforetogetback.vbe
Download: download sample
File size:2'747'228 bytes
First seen:2025-06-27 11:58:04 UTC
Last seen:Never
File type:Visual Basic Script (vbe) vbe
MIME type:application/octet-stream
ssdeep 24576:G+iSJqI+323XH6xr689ZvOYMikNfWqsNRPI0PaFYhQv+wIQaTB26INulFSomVk94:L6NrnMhyg
TLSH T11BD59F5C94B09CA16468FF34AA89F7C78CE903952B2B0B520FE595923352C43FEA3775
TrID 66.6% (.TXT) Text - UTF-16 (LE) encoded (2000/1)
33.3% (.MP3) MP3 audio (1000/1)
Magika mp3
Reporter JAMESWT_WT
Tags:links-dansarindustries-com vbe

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
IT IT
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.VBS.Encrypted.Gen.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
90.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=685e876f37c3436779468c72
Tags:
obfuscate xtreme shell
Verdict:
Unknown
Threat level:
  2.5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/685e8767c4a908e875dc41f6/reports/f49d20da-fa48-46ef-abb1-f35a52a2656e/overview
Verdict:
Suspicious
Labled as:
VBS/Agent.CCJ
Link:
https://www.hybrid-analysis.com/sample/26c09b99ccf20a046c2dc963395465b7bf5c4b58de0d859a2a00521c4c8b489d
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/26c09b99ccf20a046c2dc963395465b7bf5c4b58de0d859a2a00521c4c8b489d/
Threat name:
Script-WScript.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-06-27 01:11:59 UTC
File Type:
Binary
AV detection:
6 of 24 (25.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=e3ajxgom6ifai3bnzfrtsvdfw67vys2y3ygylgrkabjbyteljcoq._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery execution
Link:
https://tria.ge/reports/250627-n48a3avry8/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Checks computer location settings
Command and Scripting Interpreter: PowerShell
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/26c09b99ccf20a046c2dc963395465b7bf5c4b58de0d859a2a00521c4c8b489d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Visual Basic Script (vbe) vbe 26c09b99ccf20a046c2dc963395465b7bf5c4b58de0d859a2a00521c4c8b489d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3570777/
  
Delivery method
Distributed via web download

Comments