MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 43202b6bcac9d8c195da84abee91ebd15ee80337421dc6e0eaa1c2e1481bb123. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



sLoad


Vendor detections: 7



SHA256 hash: 43202b6bcac9d8c195da84abee91ebd15ee80337421dc6e0eaa1c2e1481bb123
SHA3-384 hash: fc60fe00b82d6fd7a4adfd52d7d8f940422d352188912b0b346da705b312428404c14abd62cccdb5f0408514bf9aa114
SHA1 hash: 4cbe4c33fc5f44265e15bb6e583f46c878a97341
MD5 hash: 70053c798a635f12c002e57eacb3bd26
humanhash: echo-charlie-xray-oven
File name: 00SBLFNC71R18D160W.vbs
Signature: sLoad
File size: 699 bytes
First seen: 2021-03-01 08:32:54 UTC
Last seen: Never
File type: Visual Basic Script (vbs)
MIME type: text/plain
ssdeep: 12:9vWd2vV+h/RH2HUVXTDeW8dlQoX1Pw2k3U3VkLcaxksFP39vrtzpFVsn:9A2vV+7W0VjDN8dlXFoh3U3VycaxbtzW
Threatray: 1 similar samples on MalwareBazaar
TLSH: EF01FEB032EF5311B9033ECD49F3E1D84C2559501FE98DFB61257B62B48D113CAA5028
Reporter: k0smik0
Tags: SLoad

Intelligence


File Origin
# of uploads: 1
# of downloads: 130
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Running batch commands
Creating a process with a hidden window
Creating a file
Transferring files using the Background Intelligent Transfer Service (BITS)
DNS request
Connection attempt
Sending a UDP request
Creating a process from a recently created file
Result
Verdict: UNKNOWN
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 52 / 100
Signature
Binary contains a suspicious time stamp
VBScript performs obfuscated calls to suspicious functions
Behaviour
Behavior Graph:
Behavior Graph ID: 359942; Sample: 00SBLFNC71R18D160W.vbs; Startdate: 01/03/2021; Architecture: WINDOWS; Score: 52
Signatures: Binary contains a suspicious time stamp (sample); VBScript performs obfuscated calls to suspicious functions (wscript.exe)
Process tree:
wscript.exe (started)
  cmd.exe (started)
    cmd.exe (started), dropped C:\ProgramData\aREepkDUA.exe (PE32)
    cmd.exe (started), dropped C:\ProgramData\lALIBfVin.exe (PE32)
    conhost.exe (started)
  aREepkDUA.exe (started)
    conhost.exe (started)
  lALIBfVin.exe (started)
    conhost.exe (started)
Threat name: Script.Trojan.Heuristic
Status: Malicious
First seen: 2021-03-01 08:33:05 UTC
AV detection: 2 of 47 (4.26%)
Threat level: 2/5
Result
Malware family:
Score: 10/10
Tags: family:sload stealer trojan
Behaviour
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Executes dropped EXE
sLoad
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
