MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 769940e161bd543f278dba9c0b5c58edefe07f47dde1bc54c093b752168c45e7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 9



SHA256 hash: 769940e161bd543f278dba9c0b5c58edefe07f47dde1bc54c093b752168c45e7
SHA3-384 hash: 5f2a4fc32f0727290f6c9c9774452c56614624767219e55172f08c6c6920598709960b7d5aff23ac7650cba536961963
SHA1 hash: d3a435c8d5922345da73fece405faff8eb6db4e7
MD5 hash: 22798ade0df21851037277fb3789ea08
humanhash: wolfram-jupiter-twenty-missouri
File name: 769940e161bd543f278dba9c0b5c58edefe07f47dde1bc54c093b752168c45e7.vbs
File size: 70'776 bytes
First seen: 2025-08-07 11:39:49 UTC
Last seen: Never
File type: Visual Basic Script (vbs)
MIME type: text/plain
ssdeep: 192:iu5wiaJTZYOSMgqUIEIs1bSLwx4pHg1ZG2lpGMRARchQafeqQBbXT5C5oKpN6Xew:QL9Zf57JXpUqUy5msh
Threatray: 207 similar samples on MalwareBazaar
TLSH: T19B63B24DBE1E2CC73A91EF28610C01709F7D8611B8996D597A9E3B5A83FEF0C2897D50
Magika: vba
Reporter: JAMESWT_WT
Tags: 198-55-102-200 vbs

Intelligence


File Origin
# of uploads: 1
# of downloads: 27
Origin country: IT

Vendor Threat Intelligence

Verdict: Malicious
Score: 94.9%
Tags: obfuscate xtreme spawn

Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: threat

Verdict: Malware
YARA: 3 match(es)
Tags: Batch Command DeObfuscated Html PowerShell PowerShell Call VBScript WScript.Shell

Threat name: Script-WScript.Downloader.RemcosRAT
Status: Malicious
First seen: 2025-07-31 15:35:29 UTC
AV detection: 6 of 24 (25.00%)
Threat level: 3/5

Result
Malware family: n/a
Score: 10/10
Tags: execution
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Blocklisted process makes network request
Command and Scripting Interpreter: PowerShell

Malware Config
Dropper Extraction: http://216.9.224.88/xampp/cv/optimized_MSI.png
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
