MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2c8213455acc09f30ae3d2c48194cc9b1fe18d51aa31ec3fd451905e543cac5d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2c8213455acc09f30ae3d2c48194cc9b1fe18d51aa31ec3fd451905e543cac5d
SHA3-384 hash: daa7eb70c32504eb0b30831058a211b341cea645b1fb4b10bb3888608754cb42d70d7337d5e43e360a47fbe69b17fcef
SHA1 hash: 2f0e148883799c4511e8ba45d5b6565c35985dc6
MD5 hash: 7e01b56142f2409efb3f79ac4666816e
humanhash: mountain-rugby-jig-spring
File name:Pago.vbs
Download: download sample
File size:1'242'734 bytes
First seen:2026-02-02 22:01:36 UTC
Last seen:Never
File type:Visual Basic Script (vbs) vbs
MIME type:text/plain
ssdeep 96:jio6ucyfOTOblLMv4pDpoXF22X1DR+aXWVj4iD+GRM/LqJJ9X9DXTvTifIpv4zl1:jHrDXeb0JIoIBclMUJBv6N
TLSH T1FA45135EE39DAF44BEAC39CD9781B00BBFF12EE42544B560640A721ED468B532B73742
Magika txt
Reporter James_inthe_box
Tags:exe vbs

Intelligence

File Origin
# of uploads :
1
# of downloads :
133
Origin country :
US US
Vendor Threat Intelligence
No detections
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/51357/
Detection(s):
SecuriteInfo.com.VBS.Agent-101.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
90.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69811ef64cec271dd7053ba2
Tags:
obfuscate xtreme blic
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-vm base64 fingerprint obfuscated powershell
Link:
https://www.filescan.io/uploads/69811ef2930564ff3c851d57/reports/79028e37-36e3-404e-9c21-fb62bb30b0f0/overview
Verdict:
Malicious
Labled as:
PSH/Agent.WL
Link:
https://www.hybrid-analysis.com/sample/2c8213455acc09f30ae3d2c48194cc9b1fe18d51aa31ec3fd451905e543cac5d
Verdict:
Malicious
File Type:
vbs
Detections:
PDM:Trojan.Win32.Generic Trojan.JS.SAgent.sb HEUR:Trojan.Script.Generic
Link:
https://opentip.kaspersky.com/2c8213455acc09f30ae3d2c48194cc9b1fe18d51aa31ec3fd451905e543cac5d/results?tab=lookup
Score:
5%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/2c8213455acc09f30ae3d2c48194cc9b1fe18d51aa31ec3fd451905e543cac5d
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2c8213455acc09f30ae3d2c48194cc9b1fe18d51aa31ec3fd451905e543cac5d/
Verdict:
Malicious
Threat:
Trojan.JS.SAgent
Link:
https://tip.neiki.dev/file/2c8213455acc09f30ae3d2c48194cc9b1fe18d51aa31ec3fd451905e543cac5d
Threat name:
Script-WScript.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-02-02 22:01:55 UTC
File Type:
Binary
AV detection:
5 of 24 (20.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fsbbgrk2zqe7gcxd2lcidfgmtmp6ddkrviy6yp6ukgif4vb4vroq._file
Result
Malware family:
n/a
Score:
  10/10
Tags:
execution persistence
Link:
https://tria.ge/reports/260202-1xzrkaes7d/
Behaviour
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Badlisted process makes network request
Command and Scripting Interpreter: PowerShell
Process spawned unexpected child process
Malware Config
Dropper Extraction:
https://uniworldrivercruises-co.uk/optimized_MSI.png
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.55
Link:
https://yomi.yoroi.company/submissions/2c8213455acc09f30ae3d2c48194cc9b1fe18d51aa31ec3fd451905e543cac5d

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ClamAV_Emotet_String_Aggregate
Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/51357/

Comments