MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 958a20415c168faffee4e9d9f61e496012a9138fc20faf361c3d8102b5b91c08. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


VIPKeylogger


Vendor detections: 11


Intelligence 11 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 958a20415c168faffee4e9d9f61e496012a9138fc20faf361c3d8102b5b91c08
SHA3-384 hash: c7af346a5f93be2b43dabfff35fb012ebd9b15e6b7094972684a3df49149a9ad377771612e8a458c0ffe149c7a4edbb4
SHA1 hash: 9a1d01aa180afdf1a641b514e5a458d82a05896d
MD5 hash: 0656ef0c3118209d5e3f06275c7027d3
humanhash: berlin-venus-kitten-robert
File name:TBHD_885966552066 885966552066.pdf.js
Download: download sample
Signature VIPKeylogger
Create hunting rule
File size:337'166 bytes
First seen:2025-11-17 13:17:14 UTC
Last seen:Never
File type:Java Script (JS) js
MIME type:text/plain
ssdeep 6144:WKNvtUXDvYj37p0alaEfAOAbiKyaJ+ehJK7E2:dNvtCQjLdl+OMi/aJ+ew
Threatray 206 similar samples on MalwareBazaar
TLSH T17C647539FE3AFCF6826FFDA5E2B1877607555A23FB1CD90CE840F01118495AB1618A4B
Magika javascript
Reporter James_inthe_box
Tags:exe js VIPKeylogger

Intelligence

File Origin
# of uploads :
1
# of downloads :
113
Origin country :
US US
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BAT.Obfus-10.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=691b2067434cd67b17c277f0
Tags:
autorun spam
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-vm base64 evasive fingerprint masquerade obfuscated powershell powershell repaired
Link:
https://www.filescan.io/uploads/691b2063cb2c297829f20955/reports/9004b8ce-d0dd-4727-8b34-b15bdaf3bd0e/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/958a20415c168faffee4e9d9f61e496012a9138fc20faf361c3d8102b5b91c08
Verdict:
Malicious
File Type:
js
First seen:
2025-11-17T00:11:00Z UTC
Last seen:
2025-11-19T11:22:00Z UTC
Hits:
~1000
Detections:
Trojan.PowerShell.AmsiBypass.sb HEUR:Trojan.PowerShell.Tesre.sb Trojan-Downloader.JS.Cryptoload.sb Trojan.VBS.SAgent.sb HEUR:Trojan-Downloader.Script.Generic Trojan.JS.SAgent.sb HEUR:Trojan.Script.SAgent.gen HEUR:Trojan.Script.Generic HEUR:Trojan.BAT.Tesre.gen BSS:Trojan.Win32.Generic Trojan.BAT.Agent.sb PDM:Trojan.Win32.Generic
Link:
https://opentip.kaspersky.com/958a20415c168faffee4e9d9f61e496012a9138fc20faf361c3d8102b5b91c08/results?tab=lookup
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/958a20415c168faffee4e9d9f61e496012a9138fc20faf361c3d8102b5b91c08
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/958a20415c168faffee4e9d9f61e496012a9138fc20faf361c3d8102b5b91c08/
Verdict:
Malicious
Threat:
Family.SNAKE
Link:
https://tip.neiki.dev/file/958a20415c168faffee4e9d9f61e496012a9138fc20faf361c3d8102b5b91c08
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-11-17 04:04:34 UTC
File Type:
Text (JavaScript)
AV detection:
7 of 24 (29.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=swfcaqk4c2h277xe5hm7mhsjmajkse4pyih26nq4hwaqfnnzdqea._file
Verdict:
malicious
Label(s):
vipkeylogger
Create hunting rule
Similar samples:
03034db898bb76e51b941005585251b64956ae5ff4ce2e55cbbdab9174e00a55
VIPKeylogger
05afcd6fed8fc4ae9c43f7de2c0d717eb02f91fed941246231d88cfb01170400
VIPKeylogger
10d96a57b4a446b30816229307984a151f1d319eb8e25fdffb0b6185055f778a
VIPKeylogger
6f96b534bcfec55b97dbeb18cbeaf59c2a7b745e667fea1a0998b1ff9df72b45
VIPKeylogger
750178918522765b83b32510dce10c8cf9614ae72b95539f93b8ba7088bb1779
VIPKeylogger
80943dad82a060b3506f2312c2d282f117e08a1b16cd9f1f6fcaf852be916407
VIPKeylogger
833273614f0b78225a6b6975e70c0a07cc0052a448c3eb175cf6af0edb6ed4b3
VIPKeylogger
aaddb0601ec56272d1fa36b29bd5c35d9d8705841a16a84dcee9f0698b2bde15
VIPKeylogger
dfcfd9411491364986e5933eac3626e484c6fcf3921ddb86fe99edf180ecc225
VIPKeylogger
error
VIPKeylogger
+ 196 additional samples on MalwareBazaar
Result
Malware family:
vipkeylogger
Create hunting rule
Score:
  10/10
Tags:
family:vipkeylogger collection discovery execution keylogger stealer
Link:
https://tria.ge/reports/251117-qjjs3sylcz/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Browser Information Discovery
Command and Scripting Interpreter: JavaScript
System Location Discovery: System Language Discovery
Accesses Microsoft Outlook profiles
Command and Scripting Interpreter: PowerShell
Looks up external IP address via web service
Drops startup file
Badlisted process makes network request
Process spawned unexpected child process
VIPKeylogger
Vipkeylogger family
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/958a20415c168faffee4e9d9f61e496012a9138fc20faf361c3d8102b5b91c08

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Sus_CMD_Powershell_Usage
Create hunting rule
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments