MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4acbd371ca63069fef957bae146c71881d85d84b82ce8c0890193e3229fcc351. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4acbd371ca63069fef957bae146c71881d85d84b82ce8c0890193e3229fcc351
SHA3-384 hash: 7fcc4cfeb858d06b4a2656083efda31698ce4255a74540f455b95cb86f61c2a2ab1156c1ddf8486c46eeb3f53c544983
SHA1 hash: 25146a8e082f62435a637e0fa15d35c9b24e6997
MD5 hash: 36215a997ac1b43de052cade7bcdb1d3
humanhash: beer-cup-seventeen-seven
File name:4acbd371ca63069fef957bae146c71881d85d84b82ce8c0890193e3229fcc351.vbs
Download: download sample
File size:85'146 bytes
First seen:2026-02-27 07:17:41 UTC
Last seen:Never
File type:Visual Basic Script (vbs) vbs
MIME type:text/plain
ssdeep 768:488888888ea3a3a3a3a3a3a3aXabr5mEYpeGa300q6zO+GALa3a3a3a3a3a3a3aN:wgtq1q6KAZ
TLSH T15383361ABAEF0109B1725F569EA3A1BB5A7B7D25287C84C804CC26090BD7D41DC91FFB
TrID 66.6% (.TXT) Text - UTF-16 (LE) encoded (2000/1)
33.3% (.MP3) MP3 audio (1000/1)
Magika vba
Reporter JAMESWT_WT
Tags:vbs xtadts-ddns-net

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
IT IT
Vendor Threat Intelligence
No detections
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/54824/
Detection(s):
SecuriteInfo.com.VBS.Agent-BZK.61748531.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
99.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69a1453b8fffa866e3b2a8ca
Tags:
xtreme shell sage
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug anti-vm base64 evasive powershell powershell soft-404
Link:
https://www.filescan.io/uploads/69a1453410e80629d4f4ead3/reports/f5d4c2ca-3545-4e19-852b-fec7e073fbfd/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/4acbd371ca63069fef957bae146c71881d85d84b82ce8c0890193e3229fcc351
Verdict:
Malicious
File Type:
vbs
First seen:
2025-09-25T03:22:00Z UTC
Last seen:
2025-09-25T23:27:00Z UTC
Hits:
~100
Detections:
PDM:Trojan.Win32.Generic Backdoor.Agent.TCP.C&C Trojan.JS.SAgent.sb HEUR:Trojan-Downloader.Script.Generic HEUR:Trojan.Script.Generic
Link:
https://opentip.kaspersky.com/4acbd371ca63069fef957bae146c71881d85d84b82ce8c0890193e3229fcc351/results?tab=lookup
Score:
99%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/4acbd371ca63069fef957bae146c71881d85d84b82ce8c0890193e3229fcc351
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4acbd371ca63069fef957bae146c71881d85d84b82ce8c0890193e3229fcc351/
Verdict:
Malicious
Threat:
Trojan.Agent.TCP
Link:
https://tip.neiki.dev/file/4acbd371ca63069fef957bae146c71881d85d84b82ce8c0890193e3229fcc351
Threat name:
Script-WScript.Trojan.DownloadObfus
Create hunting rule
Status:
Malicious
First seen:
2025-09-25 11:43:43 UTC
File Type:
Text (VBS)
AV detection:
11 of 36 (30.56%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jlf5g4okmmdj734vpoxbi3drraoylwclqlhiyceqde7dekp4yniq._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
defense_evasion discovery execution
Link:
https://tria.ge/reports/260227-h42wdsfx7b/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Hide Artifacts: Ignore Process Interrupts
Command and Scripting Interpreter: PowerShell
Network Share Discovery
Checks computer location settings
Badlisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4acbd371ca63069fef957bae146c71881d85d84b82ce8c0890193e3229fcc351

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/54824/

Comments