MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 948eced5fa27e7fc39b404778a20a98d2614158f4f54f1d151de933066045b10. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 948eced5fa27e7fc39b404778a20a98d2614158f4f54f1d151de933066045b10
SHA3-384 hash: 50c3d4107919a7f5a48236895b7487ff9466f06a67506af5420731a7843d7780c235a8f549993632ed04804fffa1d407
SHA1 hash: bf4ee01d83e0d891d916e6d86e54363497a1fefc
MD5 hash: 26b272d3c3f20941e4190b8e3a2f97bf
humanhash: sink-kentucky-moon-angel
File name:msg001.vbs
Download: download sample
File size:11'510 bytes
First seen:2022-09-14 13:24:42 UTC
Last seen:2022-09-14 16:13:39 UTC
File type:Visual Basic Script (vbs) vbs
MIME type:text/plain
ssdeep 192:M4i/8RVW5eFon8ChKhQGh2hFhuOTZ4snEspE+:M4i/8RVW5wo8ChKhQGh2hFhuynpE+
Threatray 2'513 similar samples on MalwareBazaar
TLSH T19632C237E69E78492B37529AA89CFD4C64F2057DE9182EDF5CC4BC02E458221C7AF706
Reporter abuse_ch
Tags:vbs

Intelligence

File Origin
# of uploads :
3
# of downloads :
249
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/310037/
Detection(s):
SecuriteInfo.com.VB.Trojan.Valyria.7188.9842.21272.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Base64 Encoded URL
Detected an ANSI or UNICODE http:// or https:// base64 encoded URL prefix.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1070307
Signature
Obfuscated command line found
VBScript performs obfuscated calls to suspicious functions
Very long command line found
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 process2 2 Behavior Graph ID: 702851 Sample: msg001.vbs Startdate: 14/09/2022 Architecture: WINDOWS Score: 56 7 wscript.exe 6 2->7         started        signatures3 20 VBScript performs obfuscated calls to suspicious functions 7->20 22 Obfuscated command line found 7->22 24 Very long command line found 7->24 10 cmd.exe 1 7->10         started        process4 process5 12 cmd.exe 1 10->12         started        14 conhost.exe 10->14         started        process6 16 cmd.exe 1 12->16         started        18 findstr.exe 1 12->18         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/948eced5fa27e7fc39b404778a20a98d2614158f4f54f1d151de933066045b10/
Threat name:
Script-WScript.Downloader.SLoad
Create hunting rule
Status:
Malicious
First seen:
2022-09-14 07:53:26 UTC
File Type:
Text (VBS)
AV detection:
11 of 26 (42.31%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=sshm5vp2e7t7yonuar3yuifjrutbifmpj5kpdukr32jtazqelmia._file
Verdict:
unknown
Similar samples:
273ad5a2b3f62bd80b72a345fc153d30f3852301ed8d60ad40584086d7ee7735
39908c43e4124d6fd3362a5cf04cfbc4ac601ee35faf84a21c7979fdf74f05a6
6d6ebf1870d5d9c6bfebdc9fee3a3f381f86b32770f34df41364f905a489486c
bc12a9f0d046b1c0e2d783f1ad825a0190669e36b00f1070d32bd55566be85ef
cacc32ab0a1880afd74a040e8211662789cb70b252c25cb2d5971b707455ff5d
d2205532e27cf8ae9dbc0a62fdf3fca598f5fa8f9cc948bec49df54b0b8a8cd6
e0ba9bc255356e77c0953b12176294874fedc482796db4c2a3e8e23e1085ae0e
e1dcadc94c7659b12eca375e35858bf68ea02a626078dd5e41eb9bede572417c
f18081303b2e06b3bb5c6503a78350a1298dbc650a6bfa9961e3bf6e522d7a83
+ 2'503 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
collection
Link:
https://tria.ge/reports/220914-qnyg2aebdp/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Enumerates physical storage devices
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Checks computer location settings
Blocklisted process makes network request
Downloads MZ/PE file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/948eced5fa27e7fc39b404778a20a98d2614158f4f54f1d151de933066045b10

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/310037/

Comments