MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9820b21d74270de61e9c350b7e37f2bad95d6fd6a2ef1faca9f3ea40b04e3eda. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9820b21d74270de61e9c350b7e37f2bad95d6fd6a2ef1faca9f3ea40b04e3eda
SHA3-384 hash: 399460d359dab547f35065895c753e1ffa84b20fcd2eaef1174af034fb36c83fe3ff9cdc00d4649c33e54e0d35b8ee91
SHA1 hash: 44a47433b5b27b801d2d9915d07916f80c385c3f
MD5 hash: d1dc542c901b7df84652893e916239e6
humanhash: pip-rugby-seventeen-vegan
File name:4.vbs
Download: download sample
File size:25'050 bytes
First seen:2023-11-29 07:41:18 UTC
Last seen:Never
File type:Visual Basic Script (vbs) vbs
MIME type:text/plain
ssdeep 768:sowB8MBVVLMthWqtFHsLSMAw0Ph8zpkJYmLG:soknB3oxMN0J80ti
Threatray 1'115 similar samples on MalwareBazaar
TLSH T11BB2631FD6B3428C2BE06345D3026E6B6682E552F03109163F5CEB995FF9393E5A107E
Reporter petrovic
Tags:vbs

Intelligence

File Origin
# of uploads :
1
# of downloads :
92
Origin country :
FI FI
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/461129/
Detection(s):
SecuriteInfo.com.VBS.BackDoor.Siggen.17.4549.22447.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Labled as:
Valyria
Link:
https://www.hybrid-analysis.com/sample/9820b21d74270de61e9c350b7e37f2bad95d6fd6a2ef1faca9f3ea40b04e3eda
Result
Verdict:
MALICIOUS
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/1349751
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Potential context-aware VBS script found (checks for environment specific values)
Potential malicious VBS script found (has network functionality)
Potential malicious VBS script found (suspicious strings)
System process connects to network (likely due to code injection or exploit)
VBScript performs obfuscated calls to suspicious functions
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Behaviour
Behavior Graph:
Download SVG
Score:
95%
Verdict:
Malware
File Type:
ASCII
Link:
https://malprob.io/report/9820b21d74270de61e9c350b7e37f2bad95d6fd6a2ef1faca9f3ea40b04e3eda
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9820b21d74270de61e9c350b7e37f2bad95d6fd6a2ef1faca9f3ea40b04e3eda/
Threat name:
Script-WScript.Trojan.Valyria
Create hunting rule
Status:
Malicious
First seen:
2023-11-29 07:42:05 UTC
File Type:
Text (VBS)
AV detection:
9 of 23 (39.13%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=taqlehlue4g6mhu4gufx4n7sxlmv236wulxr7lfj6pvebmcoh3na._file
Verdict:
malicious
Similar samples:
4ae67a52de5f2bcaea6c9158b4b2dfd3b2953885c34063547b736a4a1096fcb2
594d61a4bcbcc6503743aae78c47f798557492ba9c0704c3aa188f528b50c5e3
67dfdca1a2d42035d8ef9bde053531051793e2f13e30b8f1fe0a81fdd52e99fb
8a013b99a9b82e0f67b3e472f7627052915507916311f10cac5b69e87f3d19d4
8fe933e8bf76350e1a991f00cb12b9071ba17f5586a001e17da49e6892ac34f5
b3abbc4d6ecd9a9774e53fca4639b59cd5e24fde9bf97742b046ece663eb2e41
dc6132f9c63cd966c76790f0761299f92c31684197e40a949c4e1eb9a539bfc8
e15347eeeba6fb5f12440c9c2720d8055747cd973fde267d7e159f40efa62ab5
fae591d3e1cea136791a06b8c59265af25eccf0d30b8500c9e8c664708e1937a
+ 1'105 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
collection
Link:
https://tria.ge/reports/231129-jjnzgaeh7z/
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
Enumerates physical storage devices
Suspicious use of SetThreadContext
Accesses Microsoft Outlook accounts
Checks computer location settings
Drops startup file
Executes dropped EXE
Loads dropped DLL
Blocklisted process makes network request
NirSoft MailPassView
NirSoft WebBrowserPassView
Nirsoft
Malware family:
MailPassView
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/9820b21d7427/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9820b21d74270de61e9c350b7e37f2bad95d6fd6a2ef1faca9f3ea40b04e3eda

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/461129/

Comments