MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c4aaf1d9e71e42f0d3ea42dbb5877248e7ccd52a5dbc4a7dcd51b6c190fbbe60. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	c4aaf1d9e71e42f0d3ea42dbb5877248e7ccd52a5dbc4a7dcd51b6c190fbbe60
SHA3-384 hash:	d533fa647b8fd95e4f1f1de824bf15a8638334d5d5da0c474a6b0571f7c83a46c348ae8aa6afba7479f425d031c94c56
SHA1 hash:	7a08423254d3b6fbbd7efd48e3e05cddc2fbb6d0
MD5 hash:	2331a5b3ff0cb0b0f25499037521fe4b
humanhash:	august-oscar-alanine-hot
File name:	OUR ORDER.vbs
Download:	download sample
File size:	790'387 bytes
First seen:	2021-09-27 08:18:14 UTC
Last seen:	Never
File type:	vbs
MIME type:	text/plain
ssdeep	6144:j9ovPnGl8Jq9XdY22YKNjEFfs+4bocZDXw:pPlkq9XdY227Njz/bw
Threatray	1'813 similar samples on MalwareBazaar
TLSH	T16BF4E6F0A143AE9ACA1D29B0033D3DE9F87A985B563EC75BDA91006178170F9ED7D183
Reporter	abuse_ch
Tags:	vbs

Intelligence

File Origin

# of uploads :

1

# of downloads :

140

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/191933/

Detection(s):

SecuriteInfo.com.Generic-EXE.UNOFFICIAL

SecuriteInfo.com.PUA.Base64EXE-2.UNOFFICIAL

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/858881

Signature

.NET source code contains potential unpacker

.NET source code contains very large strings

Benign windows process drops PE files

Multi AV Scanner detection for submitted file

Potential malicious VBS script found (has network functionality)

VBScript performs obfuscated calls to suspicious functions

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c4aaf1d9e71e42f0d3ea42dbb5877248e7ccd52a5dbc4a7dcd51b6c190fbbe60/

Threat name:

Script-WScript.Backdoor.Bladabhindi

Status:

Malicious

First seen:

2021-09-27 08:19:09 UTC

AV detection:

19 of 45 (42.22%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ysvpdwphdzbpbu7kiln3lb3sjdt4zvjklw6eu7onkg3mdeh3xzqa._file

Verdict:

malicious

Similar samples:

1e89ff960f161816b8b30fa8a1c75401cc3b9a7554c99cf9dda142712dd81e54

35ead1509ef16cc4518f6344a09ac4a93881ba8380a57a9f75a1c0beca41c9d6

57425bd807dc8979b3087a314082add276d735d7c01306bc2f66bd26c5d802e2

5a06b1aee5d39a7c1f86db45aec3215560a5bb3d9e1fab189b18877e3be10e36

5b906f526f79a607ad3677bd9873c6a209a9952d93700629a4dd5b7b43ae347b

636ed47033dc0066e0e169d4be9d01b56886b255cd5d351b481e35200f507b43

65c205b93cf9c6d9e9acd5336e010a43309688bfc2e28cffbb5ba8973757fd49

c651e973d7cc7d54b38d45b9c464889778e4262d3dfeb692cd87f0a2fd0d7079

ecd0c9515106232ce9cb2e64bd93d688a4e6211dd0a42582f39435c3652ccf86

fd1b80b0afe3eb7f567268b2ddb4f022a9ac086d78e836605f378ac63630bc22

+ 1'803 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/210927-j7vf6agafr/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Program crash

Loads dropped DLL

Executes dropped EXE

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/c4aaf1d9e71e/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/c4aaf1d9e71e42f0d3ea42dbb5877248e7ccd52a5dbc4a7dcd51b6c190fbbe60

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

vbs c4aaf1d9e71e42f0d3ea42dbb5877248e7ccd52a5dbc4a7dcd51b6c190fbbe60

(this sample)

Delivery method

Distributed via e-mail attachment

Cape

Cape

https://www.capesandbox.com/analysis/191933/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample