MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 85b2e7daec1922065d49434c77e1c8b2fb789eb267158239ef3e2b6ffa54c238. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 85b2e7daec1922065d49434c77e1c8b2fb789eb267158239ef3e2b6ffa54c238
SHA3-384 hash: 9cbdd7c89f19ac509b78a466152b0d8b60cf66c933b5e37886d9b47589385e348b45feb52cf4b3e3245bb88a70b2f765
SHA1 hash: 5d4f8acc51892dc4ac1edf6f9a261906169758ec
MD5 hash: c7b3ba556e13cdd2fcf8cfff1fd3b66e
humanhash: tennessee-winter-iowa-september
File name:330_FICHERO_bE7PP2WuXUHinxvGLMChEsU.vbs
Download: download sample
File size:4'079 bytes
First seen:2022-04-14 05:47:56 UTC
Last seen:Never
File type:Visual Basic Script (vbs) vbs
MIME type:text/plain
ssdeep 96:qQmoMGZ3bB8RmcHnmRabNml4oXB5bNTqDldyI:QPG9eHnmRabNml4oR5bNTqp4I
Threatray 1'610 similar samples on MalwareBazaar
TLSH T12A81EA54B9013BCDC869DEDD0A8999D57E8C1E34D92F136B9CECF0C22C68417E16BA98
Reporter abuse_ch
Tags:vbs

Intelligence

File Origin
# of uploads :
1
# of downloads :
224
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/263575/
Detection(s):
SecuriteInfo.com.VBS.Heur2.ObfDldr.34.D9CD431E.Gen.13938.10054.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/976590
Signature
Command shell drops VBS files
Obfuscated command line found
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Sigma detected: Windows Shell File Write to Suspicious Folder
Sigma detected: WScript or CScript Dropper
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 609073 Sample: 330_FICHERO_bE7PP2WuXUHinxv... Startdate: 14/04/2022 Architecture: WINDOWS Score: 68 36 Sigma detected: Windows Shell File Write to Suspicious Folder 2->36 38 Sigma detected: WScript or CScript Dropper 2->38 9 wscript.exe 2->9         started        process3 signatures4 40 System process connects to network (likely due to code injection or exploit) 9->40 42 Obfuscated command line found 9->42 44 Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) 9->44 12 cmd.exe 1 9->12         started        process5 process6 14 cmd.exe 1 12->14         started        16 cmd.exe 2 12->16         started        20 conhost.exe 12->20         started        file7 22 cmd.exe 3 2 14->22         started        30 C:\Users\Public\k3IQibOtKxm9307.vbs, ASCII 16->30 dropped 34 Command shell drops VBS files 16->34 signatures8 process9 process10 24 wscript.exe 14 22->24         started        28 conhost.exe 22->28         started        dnsIp11 32 clear.merseine.com 198.50.220.57, 443, 49756, 49757 OVHFR Canada 24->32 46 System process connects to network (likely due to code injection or exploit) 24->46 signatures12
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/85b2e7daec1922065d49434c77e1c8b2fb789eb267158239ef3e2b6ffa54c238/
Threat name:
Script-WScript.Downloader.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2022-04-14 05:48:11 UTC
File Type:
Text (VBS)
AV detection:
3 of 42 (7.14%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qwzopwxmderamxkjinghpyoiwl5xrhvsm4kyeopphyvw76suyi4a._file
Verdict:
malicious
Similar samples:
067e76900265c87d66a44f765bb720bd310e52181badf19efd63f30210f62001
280925849cd341c089c250b6609a0cab91026578f98bc2c45cb924dc9c8967a5
2e0aa995df9b6a99e37601b1d7dea6fb85f6c7130980a8c2a275370efb6f0236
36e08c2df39cd84d8969a95de6a6882fbc954e7ca31a5a5d4be8ec33cfa84649
3a40d13ba6b30c31d8d5380b61806ec76355f4c10a3c242eff71ddc020907be7
4ab15234cdc0baf746b77352e6d47af4643544c48c32653bd215c6e5296b6f3c
8abaa521a014cdbda2afe77042f21947b147197d274bf801de2df55b1e01c904
914cd602a58f69dd35dd207d8128807926a139f27f4d8b7b2b958041783bc10c
d17133253e57854119a62729965ace0d1e4201561b6f313d5e72a14186e445e6
ec86b00b3f187f93e86711f82043af2ec359861bd60497b53998b0a28bc20d3e
+ 1'600 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/220414-ghfwcsgggj/
Behaviour
Modifies registry class
Modifies system certificate store
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Blocklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/85b2e7daec1922065d49434c77e1c8b2fb789eb267158239ef3e2b6ffa54c238

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/263575/

Comments