MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a8d6f66d16d98baefb54cba98117106ad64788310db9112d1980b4ec302b5310. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a8d6f66d16d98baefb54cba98117106ad64788310db9112d1980b4ec302b5310
SHA3-384 hash: 40bc60454ee083ceeaa62950bc5e8148e6bb83fb2879b14240acae7cc0ccd608416eaa1bf029be6e0145591c7f4403dc
SHA1 hash: 7423e27bea1f5765929198af507afa1ee18361a6
MD5 hash: 589f87845833359c70651b2e63e9fd69
humanhash: avocado-carolina-nuts-network
File name:wemadesomebestthingswithbetterattitudeforhere.vbs
Download: download sample
File size:5'166 bytes
First seen:2025-08-04 21:41:23 UTC
Last seen:Never
File type:Visual Basic Script (vbs) vbs
MIME type:text/plain
ssdeep 48:kJH58ce6IiWBa4/xv/VqYzu60t207k80Ruph0yk+pxi1+yOAHh6X4UapnwM:kJacOiW5vM60+8G6Tk+zyf6oUapwM
TLSH T171B14F26B80A1729416D6E1F25DEC4BEB8A040441EC1E0257B0DB6F8576F4DD86CFFBA
Magika vba
Reporter James_inthe_box
Tags:exe vbs

Intelligence

File Origin
# of uploads :
1
# of downloads :
36
Origin country :
US US
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/18903/
Verdict:
Malicious
Score:
97.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=689129450b4775fb2136500b
Tags:
autorun xtreme shell sage
Verdict:
Unknown
Threat level:
  2.5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/6891294373b8ef6f4afeb694/reports/9f83df51-fe6a-4893-9d58-5ae270758c71/overview
Verdict:
Suspicious
Labled as:
Trojan.Script.VBS
Link:
https://www.hybrid-analysis.com/sample/a8d6f66d16d98baefb54cba98117106ad64788310db9112d1980b4ec302b5310
Score:
8%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/a8d6f66d16d98baefb54cba98117106ad64788310db9112d1980b4ec302b5310
Verdict:
Malware
YARA:
1 match(es)
Tags:
MSXML2.ServerXMLHTTP VBScript WScript.Shell
Link:
https://app.malva.re/file/589f87845833359c70651b2e63e9fd69
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a8d6f66d16d98baefb54cba98117106ad64788310db9112d1980b4ec302b5310/
Verdict:
Malicious
Threat:
Trojan.JS.SAgent
Link:
https://tip.neiki.dev/file/a8d6f66d16d98baefb54cba98117106ad64788310db9112d1980b4ec302b5310
Threat name:
Win32.Dropper.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-08-04 10:15:03 UTC
File Type:
Text (VBS)
AV detection:
2 of 38 (5.26%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vdlpm3iw3gf2562uzouycfyqnllepcbrbw4rclizqc2oymblkmia._file
Result
Malware family:
n/a
Score:
  10/10
Tags:
collection discovery execution persistence
Link:
https://tria.ge/reports/250804-1khyaaxqv7/
Behaviour
Modifies registry class
Scheduled Task/Job: Scheduled Task
Script User-Agent
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Adds Run key to start application
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Blocklisted process makes network request
Command and Scripting Interpreter: PowerShell
Malware Config
Dropper Extraction:
https://transferprotocolforsharingfiles.cloud/MSI.png
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.46
Link:
https://yomi.yoroi.company/submissions/a8d6f66d16d98baefb54cba98117106ad64788310db9112d1980b4ec302b5310

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/18903/

Comments