MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 47dca00b393f5db1a0842506125dda8ec426c699e22de2df32c95d65fb990893. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 8



SHA256 hash: 47dca00b393f5db1a0842506125dda8ec426c699e22de2df32c95d65fb990893
SHA3-384 hash: 4766df9df256be9c8dddfa7c1a5d6ec3491b0690ab7a4d97ddf4641d33a9a48e6c25558010a519b121788bafd3435aa6
SHA1 hash: 182f5654a2c11dc368f7975103cdebeab0c17322
MD5 hash: 1f0243966cf0225e99a8b0c5a1739fd2
humanhash: ten-burger-freddie-edward
File name: 780_EXTRATO_34tKk1FFJHB8wQiCtzZ.vbs
File size: 5'189 bytes
First seen: 2022-09-18 05:31:53 UTC
Last seen: Never
File type: Visual Basic Script (vbs)
MIME type: text/plain
ssdeep: 96:PvzXbdyfONkl31dR+DylgZ1S0ixuY2Qm0m:PvroOW1dRi0W3YPmp
Threatray: 2'548 similar samples on MalwareBazaar
TLSH: T1DEB1BC91E40E3A46E5C4184136974CEAE3F9207971F6BE04E936AD836738660EF46CE7
Reporter: abuse_ch
Tags: vbs

Intelligence


File Origin
# of uploads: 1
# of downloads: 303
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: MALICIOUS

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 96 / 100
Signature
Antivirus detection for URL or domain
Command shell drops VBS files
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Obfuscated command line found
Potential malicious VBS script found (suspicious strings)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
System process connects to network (likely due to code injection or exploit)
VBScript performs obfuscated calls to suspicious functions
Behaviour
Behavior Graph:
Behavior Graph ID: 704932
Sample: 780_EXTRATO_34tKk1FFJHB8wQi...
Startdate: 18/09/2022
Architecture: WINDOWS
Score: 96
Sample signatures: Multi AV Scanner detection for domain / URL; Antivirus detection for URL or domain; Multi AV Scanner detection for submitted file; Potential malicious VBS script found (suspicious strings)
Process tree:
wscript.exe (started) [System process connects to network (likely due to code injection or exploit); VBScript performs obfuscated calls to suspicious functions; Obfuscated command line found; Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)]
  cmd.exe (started)
    cmd.exe (started)
      cmd.exe (started)
        wscript.exe (started) [System process connects to network (likely due to code injection or exploit)]
          network: boggaym1.hopto.org 24.152.39.176, 443, 49707, 49708 MasterDaWebBR unknown
        conhost.exe (started)
    cmd.exe (started) [Command shell drops VBS files]
      dropped: C:\Users\Public\egoD3Xshg503.vbs, ASCII
    conhost.exe (started)
Threat name: Script-WScript.Downloader.Heuristic
Status: Malicious
First seen: 2022-09-17 08:15:26 UTC
File Type: Text (VBS)
AV detection: 3 of 40 (7.50%)
Threat level: 2/5

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Blocklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
