MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4862f1c60d9d38d380c65e25abba41bbfd778bf1b6884df90a484f5136b1fc0a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

DarkCloud

Vendor detections: 12

Intelligence 12 IOCs YARA 2 File information Comments

SHA256 hash:	4862f1c60d9d38d380c65e25abba41bbfd778bf1b6884df90a484f5136b1fc0a
SHA3-384 hash:	6cdb5ae4e28c63f28be6f3177d626c2aa29087c19ccbab256eabcba52082baefd6964bebedcebdf3586528182a766797
SHA1 hash:	187cb0d67cee76a0a42bf5f9c458bc1617b2014f
MD5 hash:	591697c5019e7a0e789ec906510b847b
humanhash:	iowa-summer-lion-crazy
File name:	mondayscript.vbs
Download:	download sample
Signature	DarkCloud Create hunting rule
File size:	143'073 bytes
First seen:	2025-09-01 16:16:19 UTC
Last seen:	Never
File type:	vbs
MIME type:	text/plain
ssdeep	1536:SHe30TVgg/bSm5Ge3YSXiPit0j8jeMrj2jhZ9/UZjmVYXiKMybqTpDNt0GOOPB6z:vkTFeuGKXiUyCqjKar1W/y98
Threatray	334 similar samples on MalwareBazaar
TLSH	T1DCE31D52E70760F4947A11B3AD3BD21AFF9C305FA3166688F94C40A94FB26E8817779C
Magika	vba
Reporter	pr0xylife
Tags:	DarkCloud vbs

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/24594/

Verdict:

Malicious

Score:

94.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68b5c6f2eb163e0ec18418d9

Tags:

obfuscate xtreme spawn

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

base64 evasive obfuscated obfuscated powershell

Link:

https://www.filescan.io/uploads/68b5c6f66212e2f74266e5ab/reports/705e8ba7-2439-42d9-aaab-9cd5d1fe1327/overview

Verdict:

Suspicious

Labled as:

Trojan.Script.VBS

Link:

https://www.hybrid-analysis.com/sample/4862f1c60d9d38d380c65e25abba41bbfd778bf1b6884df90a484f5136b1fc0a

Verdict:

Malicious

File Type:

vbs

First seen:

2025-09-01T14:52:00Z UTC

Last seen:

2025-09-01T14:52:00Z UTC

Hits:

~100

Link:

https://opentip.kaspersky.com/4862f1c60d9d38d380c65e25abba41bbfd778bf1b6884df90a484f5136b1fc0a/results?tab=lookup

Score:

63%

Verdict:

Susipicious

File Type:

SCRIPT

Link:

https://malprob.io/report/4862f1c60d9d38d380c65e25abba41bbfd778bf1b6884df90a484f5136b1fc0a

Verdict:

Malware

YARA:

1 match(es)

Tags:

DeObfuscated Obfuscated Scripting.Dictionary T1059.005 VBScript

Link:

https://app.malva.re/file/591697c5019e7a0e789ec906510b847b

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4862f1c60d9d38d380c65e25abba41bbfd778bf1b6884df90a484f5136b1fc0a/

Threat name:

Script-WScript.Trojan.AgentTesla

Status:

Malicious

First seen:

2025-09-01 16:17:39 UTC

File Type:

Text (VBS)

AV detection:

9 of 38 (23.68%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=jbrpdrqntu4nhagglys2xosbxp6xpc7rw2ee36ikjbhvcnvr7qfa._file

Verdict:

malicious

Label(s):

darkcloudstealer

DarkCloud

567f768cff1b5969e082271fd31ed9bd6d1b264ba2f2525937e12006a5569977

DarkCloud

6bc677ac4c36cb99e3170edb2b29b8e8b47399a2896f8f0c6fa998b4337bcf35

DarkCloud

b913d0ba4c81312099d6776c0c0806486254be12e7b0cb0ce19b9fa9203397f3

DarkCloud

c208d8d0493c60f14172acb4549dcb394d2b92d30bcae4880e66df3c3a7100e4

DarkCloud

d58ef7f6352296a5f9052e5bb522a0556037f373b27dd1bf4c53a521f0f7a0a8

DarkCloud

dacfee8b1805f6536369bf401c7104946429f2e68c4e7143b60d9153b23c7c76

DarkCloud

e119c6c5485307075a1e5d0950a77f978f7f17e23c315ed8c38cc1259b8af26f

DarkCloud

error

DarkCloud

+ 324 additional samples on MalwareBazaar

Result

Malware family:

darkcloud

Score:

10/10

Tags:

family:darkcloud discovery execution stealer

Link:

https://tria.ge/reports/250901-tq6szaymw5/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

System Location Discovery: System Language Discovery

Suspicious use of SetThreadContext

Badlisted process makes network request

Command and Scripting Interpreter: PowerShell

DarkCloud

Darkcloud family

Process spawned unexpected child process

Malware Config

Dropper Extraction:

https://archive.org/download/optimized_msi_20250821/optimized_MSI.png

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/4862f1c60d9d38d380c65e25abba41bbfd778bf1b6884df90a484f5136b1fc0a

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	CP_AllMal_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication

Rule name:	detect_tiny_vbs Create hunting rule
Author:	daniyyell
Description:	Detects tiny VBS delivery technique

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/24594/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample