MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 45f93ac0b19e3404dd4b9141173bb6d399b2a07087748d85791f3ff09595f805. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



DeerStealer


Vendor detections: 13



SHA256 hash: 45f93ac0b19e3404dd4b9141173bb6d399b2a07087748d85791f3ff09595f805
SHA3-384 hash: e72804d20fc1e3cb407b04f7fe9c5b1eb790f67b7154291ad2cae471b3471529de677cf2f9894b4b32fb12f3a7c1e4c5
SHA1 hash: 74f5c7754855a7c8758bca9ce41db33a29393305
MD5 hash: 2d1ba28d765b1621e21385de393af4a4
humanhash: happy-avocado-ack-glucose
File name: dk.vbs
Signature: DeerStealer
File size: 770 bytes
First seen: 2025-12-17 16:53:35 UTC
Last seen: Never
File type: Visual Basic Script (vbs)
MIME type: text/plain
ssdeep: 12:9vWdb6K1HeIThhi88Ot5JbHyYUMfffFqCDi+ikixik+KwS0lUD:9AW2jiV2bSYlfNDhWxiqwK
Threatray: 20 similar samples on MalwareBazaar
TLSH: T1DF01CB17DD26D1E8463485F987604A0ACCC2F4A392565C39B95CCC266F720BDA8B41FF
Magika: vba
Reporter: pr0xylife
Tags: DeerStealer vbs

Intelligence


File Origin
# of uploads: 1
# of downloads: 48
Origin country: NL
Vendor Threat Intelligence
No detections
Verdict: Malicious
Score: 94.1%
Tags: trojandownloader virus html
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive lolbin msiexec
Verdict: Malicious
File Type: vbs
First seen: 2025-12-17T05:39:00Z UTC
Last seen: 2025-12-18T23:02:00Z UTC
Hits: ~100
Detections: HEUR:Trojan.OLE2.Alien.gen Trojan-Downloader.VBS.SLoad.sb Trojan.Win32.Strab.sb Trojan.Win32.Penguish.sb HEUR:Trojan.VBS.Alien.gen Trojan.Win32.DLLhijack.acib Trojan.Win32.DLLhijack.acic
Verdict: Malware
YARA: 1 match(es)
Tags: ADODB.Stream MSXML2.ServerXMLHTTP.6.0 VBScript WScript.Shell
Result
Malware family: hijackloader
Score: 10/10
Tags: family:deerstealer family:hijackloader defense_evasion discovery loader stealer
Behaviour
Script User-Agent
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Drops file in Windows directory
Suspicious use of SetThreadContext
Enumerates connected drives
Indicator Removal: File Deletion
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Badlisted process makes network request
DeerStealer
Deerstealer family
Detects DeerStealer
Detects HijackLoader (aka IDAT Loader)
HijackLoader, IDAT loader, Ghostulse,
Hijackloader family
Malware family: IDATLoader
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DeerStealer

Visual Basic Script (vbs) vbs 45f93ac0b19e3404dd4b9141173bb6d399b2a07087748d85791f3ff09595f805

(this sample)

  
Delivery method
Distributed via web download
