MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7682422fbf1ea8822eb5361adb5ed7b4c9580781ad88502278b4bc2f9b591397. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: 7682422fbf1ea8822eb5361adb5ed7b4c9580781ad88502278b4bc2f9b591397
SHA3-384 hash: 62d3c1baf66e5de85477ee63f94f6b8447f2aec2bef78dfb1e4dc411bd2988f92654329de5d3aaafc9654b8d7839e0c2
SHA1 hash: 72c3a8a7bfa6c771d35fb81d7a2b7d21e31053f9
MD5 hash: a1ba88134955b82354528e114578f62f
humanhash: batman-fruit-equal-bluebird
File name: xx.vbs
File size: 2'374 bytes
First seen: 2022-08-15 09:17:07 UTC
Last seen: Never
File type: Visual Basic Script (vbs)
MIME type: text/plain
ssdeep 48:pP8sWTy7OBOwVTxttcBEEpLFtUcVJoyo8P5ZZ:pVWJOw3tGlpLUc95ZZ
Threatray 2'241 similar samples on MalwareBazaar
TLSH T18D41AFC95C44E76E9FCC221EE097F8875660BB27D6A64E144BCB0ACA35F504CB189CB7
Reporter ankit_anubhav
Tags: vbs

Intelligence


File Origin
# of uploads: 1
# of downloads: 189
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 76 / 100
Signature
Antivirus detection for URL or domain
Command shell drops VBS files
Obfuscated command line found
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
System process connects to network (likely due to code injection or exploit)
VBScript performs obfuscated calls to suspicious functions
Behaviour
Behavior Graph:
Behavior Graph ID: 683915, Sample: xx.vbs, Start date: 15/08/2022, Architecture: WINDOWS, Score: 76
Sample signature: Antivirus detection for URL or domain
Sample -> wscript.exe (9) started (signatures: System process connects to network (likely due to code injection or exploit); VBScript performs obfuscated calls to suspicious functions; Obfuscated command line found; Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines))
wscript.exe (9) -> cmd.exe (12) started
cmd.exe (12) -> cmd.exe (14) started
cmd.exe (12) -> cmd.exe (16) started
cmd.exe (12) -> conhost.exe (20) started
cmd.exe (16) -> C:\Users\Public\KefYf3ngx57.vbs, ASCII, dropped (signature: Command shell drops VBS files)
cmd.exe (14) -> cmd.exe (22) started
cmd.exe (22) -> wscript.exe (24) started
cmd.exe (22) -> conhost.exe (28) started
wscript.exe (24) -> 8fu11.hopto.org 206.81.8.116, 443, 49739, 49741 DIGITALOCEAN-ASNUS United States (signature: System process connects to network (likely due to code injection or exploit))
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Blocklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments