MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 40d4d7b0bc47b1d30167dd7fc9bd6bd34d99b8e0ae2c4537f94716e58e7a5aeb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Ligolo


Vendor detections: 6



SHA256 hash: 40d4d7b0bc47b1d30167dd7fc9bd6bd34d99b8e0ae2c4537f94716e58e7a5aeb
SHA3-384 hash: 7947791c6e04fbc530c6122297be0cd56789e1bac967466c40f41549076955b701849518972c5d2fa4533efcc64fc166
SHA1 hash: 785b8800bca0b82dc4993917ab62802a0d71d40f
MD5 hash: 473949798b06cf667bdd198c894e89a2
humanhash: jig-arizona-london-arizona
File name: ServiceUpdateWindows.vbs
Signature: Ligolo
File size: 770 bytes
First seen: 2025-07-31 10:20:56 UTC
Last seen: Never
File type: Visual Basic Script (vbs) vbs
MIME type: text/plain
ssdeep: 24:KqahwANxb/2W7S7gkc0KHEXsvMMpV54Wfo6ML1Bk:BCV/2esgF0EvhpVy1Bk
TLSH: T188012020942A8DD90F63A15184E62C18EDFAF7D133A5C4719B948D3D149228073DB849
Magika: vba
Reporter: Joker
Tags: Ligolo malware trojan vbs

Intelligence


File Origin
# of uploads: 1
# of downloads: 38
Origin country: US
Vendor Threat Intelligence
Verdict: Malicious
Score: 94.9%
Tags: dropper trojan shell
Verdict: Malware
YARA: 1 match(es)
Tags: Batch Command DeObfuscated PowerShell PowerShell Call Scripting.FileSystemObject VBScript WScript.Shell
Result
Malware family: n/a
Score: 8/10
Tags: execution
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Blocklisted process makes network request
Command and Scripting Interpreter: PowerShell
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments