MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7b75cfc8d8f78028f5cdc2f03e4aa7be1ad15e567d227d353c6cbc2e378271ff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 9



SHA256 hash: 7b75cfc8d8f78028f5cdc2f03e4aa7be1ad15e567d227d353c6cbc2e378271ff
SHA3-384 hash: c282a2c6cfea19ec926c398ad5f9f675556e29840ec7dcff887d5105d4837fc93f7d1d8b7a81a3fc46d1ace86366caa8
SHA1 hash: 4984d677f493f4bb1d56214095b30874898725e4
MD5 hash: 6a5583838661534baddf08816e7d5600
humanhash: missouri-island-steak-wolfram
File name: 1.vbs
File size: 1'127 bytes
First seen: 2026-03-03 11:10:07 UTC
Last seen: Never
File type: Visual Basic Script (vbs)
MIME type: text/plain
ssdeep: 24:1r5HLDad1pYdoFu6derKWNmC0I+1wgo6ki2nHz9:FFDw8x1B/0ISkP
TLSH: T18721AAACAC198247568873F8BBF38758CA61B6973D67AB642541CCE0271C42C9A603A3
Magika: vba
Reporter: BlinkzSec
Tags: 150-241-66-66 vbs

Intelligence


File Origin
# of uploads: 1
# of downloads: 108
Origin country: GB
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: obfuscated sload
Verdict: Malicious
Labeled as: UDS_TrojanDownloader_VBS_SLoad_gen
Verdict: Malicious
File Type: vbs
Detections: Trojan-Downloader.JS.SLoad.sb HEUR:Trojan-Downloader.VBS.SLoad.gen
Verdict: Malware
YARA: 1 match(es)
Tags: ADODB.Stream MSXML2.XMLHTTP VBScript Wscript.Shell
Verdict: Malicious
Threat: Trojan-Downloader.JS.SLoad
Threat name: Script-WScript.Trojan.Heuristic
Status: Malicious
First seen: 2026-03-02 00:39:59 UTC
File Type: Text (VBS)
AV detection: 8 of 38 (21.05%)
Threat level: 2/5
Result
Malware family: n/a
Score: 8/10
Tags: adware discovery ransomware spyware
Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies data under HKEY_USERS
Modifies registry class
Opens file in notepad (likely ransom note)
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
System Time Discovery
Drops file in Windows directory
Checks computer location settings
Badlisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: FreddyBearDropper
Author: Dwarozh Hoshiar
Description: Freddy Bear Dropper is dropping a malware through base63 encoded powershell script.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Visual Basic Script (vbs) 7b75cfc8d8f78028f5cdc2f03e4aa7be1ad15e567d227d353c6cbc2e378271ff (this sample)

Delivery method: Distributed via web download

Comments



commented on 2026-03-03 14:39:36 UTC

Payload URL:
http://150.241.66.66/NEMO777.txt