MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 88614f9e923a5d979c64bee190f05f0932bc01f351ded417c59e1b2a92be560b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 88614f9e923a5d979c64bee190f05f0932bc01f351ded417c59e1b2a92be560b
SHA3-384 hash: d5018000a4a397c563f2b255737eb6dbfa6e497aa6f63461d81e1541402b16f233ef71f3ff9999f3c8ec8da195cc6d3f
SHA1 hash: e0008ef9cf53346438e6b496cf61a5ff47b051c2
MD5 hash: 892582ab3eb8cbc2d19d9c03a7986cf0
humanhash: harry-monkey-december-bulldog
File name:Booking.vbs
Download: download sample
File size:1'323 bytes
First seen:2021-08-07 06:47:08 UTC
Last seen:Never
File type:Visual Basic Script (vbs) vbs
MIME type:text/plain
ssdeep 24:AP/mnvPmnoy9gy3iXNpPH3bqreIqmQHhXvAN5mPT+mP1EeYI3SDKV:0GPaoy9gsi3PbqrdcAN54i81EeYI3D
Threatray 89 similar samples on MalwareBazaar
TLSH T16D21D010AE8BE0359D1192C65EAD4A61F66E22BAF4745071323FC158D07A5EF35C3E8F
Reporter AndreGironda
Tags:aggah hagga vbs


Avatar
AndreGironda
Email attachment, UDF_Encapsulated_Executable, Booking.img 5ca71998a598641cb077a640141643be6a2073410c955949e37567a1e96dc4a8

Intelligence

File Origin
# of uploads :
1
# of downloads :
174
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/177129/
Detection(s):
SecuriteInfo.com.VBS.TrojanDownloader.Agent.VUE.11242.20217.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/828582
Signature
Creates an undocumented autostart registry key
Obfuscated command line found
Sigma detected: Suspicious PowerShell Command Line
VBScript performs obfuscated calls to suspicious functions
Wscript starts Powershell (via cmd or directly)
Yara detected Powershell download and execute
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/88614f9e923a5d979c64bee190f05f0932bc01f351ded417c59e1b2a92be560b/
Threat name:
Script.Downloader.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2021-08-07 06:48:14 UTC
AV detection:
2 of 47 (4.26%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rbqu7hushjozphdex3qzb4c7bezlyaptkhpnif6ftynsvev6kyfq._file
Verdict:
suspicious
Similar samples:
416f3b7993ceaa6819402c66c9b2de0a4de163cd9765dd8dffe81cdbab538c48
59c0a91faf884e242be0d2384d94eba2536a8f155ae568355eed225f2543176e
66af5edcb0b90924a25f4cf764ae81eb754b58da9bde404761f48eafd1ead410
8c9d614da4ea17f4261a105adbe73992c0df1f5639310f78db244fdf3fe338fe
ac4ae7801b367cf16c0ce1a97495a2b0cf51258cf29185acac6f2d56237d237f
c3ddf55e53888193522a7b619370b746cb0a79502c5157a98754a9009f644a11
d9d27f03e2f8bc97451296da9a7ddeac39ede3240306fa198bf898434b58c53c
df047189f75d998dc499072881c762fd001360f5cf184b801cb8c232b5c567f6
f44394f10dd10600a8f25093e76fac442c594ea85debf6bfea0933766529f747
+ 79 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
suricata
Link:
https://tria.ge/reports/210807-j2ldbkj5jj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Suspicious use of SetThreadContext
Blocklisted process makes network request
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
Malware Config
Dropper Extraction:
https://ia601409.us.archive.org/18/items/Documentarylist/Documentarylist.txt
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/88614f9e923a/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/88614f9e923a5d979c64bee190f05f0932bc01f351ded417c59e1b2a92be560b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Visual Basic Script (vbs) vbs 88614f9e923a5d979c64bee190f05f0932bc01f351ded417c59e1b2a92be560b

(this sample)

  
Dropping
NjRAT
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/177129/

Comments