MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3d7d08118935757fe3f528538abde2e16f054264127b6f420c2ee44e6fcff568. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 8



SHA256 hash: 3d7d08118935757fe3f528538abde2e16f054264127b6f420c2ee44e6fcff568
SHA3-384 hash: 1e0946b2a1a7a14bee3367e26fd5f0251382e2fdf0ebeeaf64c0477824e933657d6957819eb851af8b5eb934b47c20bf
SHA1 hash: 8dd178013729f2e8387f56ab3fede0763052fbe9
MD5 hash: 14022f99d9301ca99037324ed0a370ea
humanhash: violet-happy-arizona-quebec
File name: Aosmic.vbs
File size: 16'626 bytes
First seen: 2022-11-14 13:05:55 UTC
Last seen: Never
File type: Visual Basic Script (vbs)
MIME type: text/plain
ssdeep: 384:Ur2bBhccdR5ccJccZccScYccpcclccCccrccbccvcc6ccJccccc+ycc+cmccJccz:tY7s59bEfZJW02r+U4j
Threatray: 3'177 similar samples on MalwareBazaar
TLSH: T122725B90DF81361BC68E1ACC6C039C4A816F7660B53558F47DA09347EE05D8ED0FA26E
Reporter: abuse_ch
Tags: vbs

Intelligence


File Origin
# of uploads: 1
# of downloads: 122
Origin country: n/a
Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: evasive
Result
Verdict: MALICIOUS
Result
Threat name: Unknown
Detection: malicious
Classification: expl.evad
Score: 84 / 100
Signature
Machine Learning detection for dropped file
Malicious sample detected (through community Yara rule)
Obfuscated command line found
Potential malicious VBS script found (suspicious strings)
Sigma detected: Dot net compiler compiles file from suspicious location
VBScript performs obfuscated calls to suspicious functions
Very long command line found
Wscript starts Powershell (via cmd or directly)
Behaviour
Behavior Graph:
Behavior Graph ID: 745570
Sample: Aosmic.vbs
Startdate: 14/11/2022
Architecture: WINDOWS
Score: 84
Process tree (from the behavior graph):
wscript.exe
  powershell.exe (contacts drive.google.com 172.217.168.46, 443, 49715 GOOGLEUS United States; drops C:\Users\user\AppData\...\a1k3fmh0.cmdline, Unicode)
    csc.exe (drops C:\Users\user\AppData\Local\...\a1k3fmh0.dll, PE32)
      cvtres.exe
    WerFault.exe
    conhost.exe
  cmd.exe
    conhost.exe
Threat name: Win32.Trojan.Valyria
Status: Malicious
First seen: 2022-11-14 12:57:58 UTC
File Type: Text (VBS)
AV detection: 5 of 40 (12.50%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Legitimate hosting services abused for malware hosting/C2
Checks computer location settings
Blocklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.