MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 63f96948e2090360c6a0b64e097db4e0f36cc0c1f927ae9740c576b0b3a68d6d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	63f96948e2090360c6a0b64e097db4e0f36cc0c1f927ae9740c576b0b3a68d6d
SHA3-384 hash:	63907258718c622b627d8ca075605fe012eafee7203567f381721f080be748577859822e7b3870808c1f545a3af77e90
SHA1 hash:	7919e6342b2f79c027fa769b976731cac932ed8b
MD5 hash:	712e0aaccd6d367b8c9e3ade7b506a59
humanhash:	diet-sad-lima-queen
File name:	payload.vbs
Download:	download sample
File size:	799 bytes
First seen:	2024-12-13 12:32:05 UTC
Last seen:	Never
File type:	vbs
MIME type:	text/plain
ssdeep	12:k6MWmpUfv99zwGyxWQA7GUGyB09oARAsMdcjHpVsHQQJ41Bi9gUQT7CTspivRUYS:8WuUH99zvGGyrZdAsDJVp2qCKWTs+hq7
TLSH	T19401CEEBEC1AE102467425E1D6A14B04EFA1E4073011A415BD82E8071B35278D3340AF
Magika	vba
Reporter	lontze7
Tags:	vbs

Intelligence

File Origin

# of uploads :

# of downloads :

106

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.JS.Downloader-24.UNOFFICIAL

SecuriteInfo.com.VBS.Downloader-6.UNOFFICIAL

Verdict:

Malicious

Score:

97.4%

Link:

https://cyber-fortress.com/docs/result/index.php?id=675c380389dbe21623515fd3

Tags:

trojandownloader virus html

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

masquerade

Link:

https://www.filescan.io/uploads/675c2984bcbfe745996d7a0e/reports/05b9ecee-f2fe-455b-a501-095861ed6c90/overview

Verdict:

Suspicious

Labled as:

Trojan.Script.VBS

Link:

https://www.hybrid-analysis.com/sample/63f96948e2090360c6a0b64e097db4e0f36cc0c1f927ae9740c576b0b3a68d6d

Result

Verdict:

UNKNOWN

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/1574708

Signature

AI detected suspicious sample

Potential malicious VBS script found (has network functionality)

Sigma detected: Script Initiated Connection to Non-Local Network

Sigma detected: WScript or CScript Dropper

System process connects to network (likely due to code injection or exploit)

VBScript performs obfuscated calls to suspicious functions

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Behaviour

Behavior Graph:

Download SVG

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/63f96948e2090360c6a0b64e097db4e0f36cc0c1f927ae9740c576b0b3a68d6d

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/63f96948e2090360c6a0b64e097db4e0f36cc0c1f927ae9740c576b0b3a68d6d/

Threat name:

Script-JS.Trojan.Heuristic

Status:

Malicious

First seen:

2024-12-13 13:09:15 UTC

File Type:

Text (VBS)

AV detection:

7 of 38 (18.42%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=mp4wsshcbebwbrvawzhas7nu4dzwzqgb7et25f2ayv3lbm5grvwq._file

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/241213-qpg7fazlbv/

Behaviour

Modifies system certificate store

Blocklisted process makes network request

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

vbs 63f96948e2090360c6a0b64e097db4e0f36cc0c1f927ae9740c576b0b3a68d6d

(this sample)

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/3347921/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample