MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9b3296db81da2719713c5af6ad8a09213f7c676f0cc6858174a63a2cfa4f387d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 9



SHA256 hash: 9b3296db81da2719713c5af6ad8a09213f7c676f0cc6858174a63a2cfa4f387d
SHA3-384 hash: 095cafc4eadc3b79f0ca4f23e66da31fb2fb621e72609a8a7aa3e33c339f76ba1016c8c86b69ab96f682831482a76643
SHA1 hash: cdee7f039a4edc3719d837986ea9ee9deed01e74
MD5 hash: 8d79179a4eb8e66f8c7c581b051ae515
humanhash: maine-video-maryland-don
File name: Statement-03-2026.vbs
File size: 1'456 bytes
First seen: 2026-04-28 18:23:08 UTC
Last seen: Never
File type: Visual Basic Script (vbs)
MIME type: text/plain
ssdeep: 24:Tb47c+wLldus3x9+y/DWHSfKKE2+bSKpH/7TUo3yNRRKqah7khvCwABMeCAAH:3BTB9+3z32+ZMo3+Ri7avT+CAAH
Threatray: 1'911 similar samples on MalwareBazaar
TLSH: T1A031125EFD0AC8835F73DAB666618E3DCEB14223582095547A81CC943F2933C4AED693
Magika: vba
Reporter: Anonymous
Tags: vbs

Intelligence


File Origin
# of uploads: 1
# of downloads: 75
Origin country: US
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: expand lolbin lolbin masquerade msiexec rundll32 wscript
Verdict: Clean
File Type: vbs
First seen: 2026-04-29T16:33:00Z UTC
Last seen: 2026-04-30T01:42:00Z UTC
Hits: ~10
Gathering data
Threat name: Win32.Trojan.Malgent
Status: Malicious
First seen: 2026-04-28 17:25:26 UTC
File Type: Text (VBS)
AV detection: 7 of 24 (29.17%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: backdoor discovery persistence privilege_escalation rat revoked_codesign
Behaviour
Checks processor information in registry
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Drops file in Program Files directory
Drops file in Windows directory
Boot or Logon Autostart Execution: Authentication Package
Drops file in System32 directory
Enumerates connected drives
Checks computer location settings
ConnectWise ScreenConnect remote access tool
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Badlisted process makes network request
Sets service image path in registry
Signed with revoked ConnectWise certificate
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments