MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c75ebab7bc1babe41757a8aa104fb4d53adc6590a7de158fd5ae723ceb8cdb2f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 13

Intelligence 13 IOCs YARA File information Comments

SHA256 hash:	c75ebab7bc1babe41757a8aa104fb4d53adc6590a7de158fd5ae723ceb8cdb2f
SHA3-384 hash:	ee50112a212dbae2d5e70cf353333dbbfacd8d43d82c0ab6bb7bc053e20851e1db6f61ab66078668b1bab5a68b6f0a40
SHA1 hash:	f65f4c05097effb763525eac10ab0f3eae2aa773
MD5 hash:	f1f3bb094218164cc3017d0f507df255
humanhash:	london-london-virginia-oranges
File name:	r.vbs
Download:	download sample
File size:	1'056 bytes
First seen:	2026-03-14 18:30:59 UTC
Last seen:	2026-03-14 18:34:38 UTC
File type:	vbs
MIME type:	text/plain
ssdeep	24:9AWyL25OXRHMZiCfMBRhX8E16ZNUqQVtMByhf06XbMJ:evK6RHwfMBRGE1VbMByF2J
Threatray	2'870 similar samples on MalwareBazaar
TLSH	T10C11EF44544CD0C6473102D6D190D924F46197EB2705DF48268CC8FE89A98FC34392EE
Magika	vba
Reporter	abuse_ch
Tags:	vbs

Intelligence

File Origin

# of uploads :

2

# of downloads :

57

Origin country :

SE

Vendor Threat Intelligence

No detections

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/57449/

Verdict:

Malicious

Score:

97.4%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69b5a97893b644ca466a0b22

Tags:

trojandownloader emotet smarts micro

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-debug dropper opendir packed

Link:

https://www.filescan.io/uploads/69b5a9754ec2f522cc495c75/reports/a6cea654-126b-4242-b267-6b7caddd2838/overview

Verdict:

Suspicious

Labled as:

Script.HttpDldr

Link:

https://www.hybrid-analysis.com/sample/c75ebab7bc1babe41757a8aa104fb4d53adc6590a7de158fd5ae723ceb8cdb2f

Verdict:

Malicious

File Type:

vbs

Detections:

Trojan-Downloader.Agent.HTTP.Download Trojan-Downloader.JS.Cryptoload.sb Trojan.Win32.Inject.sb HEUR:Trojan.Win32.Agentb.gen HEUR:Trojan.Script.Generic Trojan-Dropper.Win32.Injector.sb

Link:

https://opentip.kaspersky.com/c75ebab7bc1babe41757a8aa104fb4d53adc6590a7de158fd5ae723ceb8cdb2f/results?tab=lookup

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

88 / 100

Link:

https://www.joesandbox.com/analysis/1883816

Signature

Multi AV Scanner detection for submitted file

Potential malicious VBS script found (has network functionality)

Sigma detected: Script Initiated Connection to Non-Local Network

Sigma detected: WScript or CScript Dropper

System process connects to network (likely due to code injection or exploit)

VBScript performs obfuscated calls to suspicious functions

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Yara detected Generic JS Downloader

Behaviour

Behavior Graph:

Score:

8%

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/c75ebab7bc1babe41757a8aa104fb4d53adc6590a7de158fd5ae723ceb8cdb2f

Verdict:

Malware

YARA:

1 match(es)

Tags:

ADODB.Stream MSXML2.XMLHTTP.6.0 Scripting.FileSystemObject VBScript WScript.Shell

Link:

https://app.malva.re/file/f1f3bb094218164cc3017d0f507df255

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c75ebab7bc1babe41757a8aa104fb4d53adc6590a7de158fd5ae723ceb8cdb2f/

Verdict:

Malicious

Threat:

Trojan.Win32.Inject

Link:

https://tip.neiki.dev/file/c75ebab7bc1babe41757a8aa104fb4d53adc6590a7de158fd5ae723ceb8cdb2f

Threat name:

Script.Trojan.Heuristic

Status:

Malicious

First seen:

2026-03-14 14:18:38 UTC

File Type:

Text (VBS)

AV detection:

7 of 24 (29.17%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=y5plvn54dov6if2xvcvbat5u2u5nyzmqu7pbld6vvzzdz24m3mxq._file

Verdict:

malicious

Label(s):

danabot

Similar samples:

1089d67ce129560fbf95684cdff2841d30d4550f7ddf1c8e19f6d2ec006f6b96

1ad3c75b844b2ce6f20beb1c324eec749d2783364a685a0db64638ee10279b59

36eeed998c47e1eadbd363a269e778dc1c0bd21c192180de220af130d59d74fe

3804440846b6af667a220725e399efdeae07148396d9ccad5b5ada03e29e3a41

395a68f5bcfa421b2dbdc7b51ea9237451193465c3e9fe095f522d127583727c

3ca2df830068d109a89d63e7e151817cad8304ef3b01f0f2a8ac0016d3f4f8f4

87dea51d43b985bfd8db69797a61ef8ca8f5229aec70092de8f1da27875e2a67

bc0a5efbade3df89d6c58b050fa3e5ed7a23e676221ba6869fc9e011b06acb17

ccc6f088e6a1b9c9bcee3af6e5baa094e868b111ea4f62cb377db909b1398ba8

f41c17f9bba9c25464b3055ba41f032a93384306dc1c555f62ef4b83f44fe751

+ 2'860 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/260314-w55kkadw5j/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Suspicious use of SetThreadContext

Looks up external IP address via web service

Checks computer location settings

Executes dropped EXE

Badlisted process makes network request

Downloads MZ/PE file

Malware family:

DanaBot

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/c75ebab7bc1b/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/c75ebab7bc1babe41757a8aa104fb4d53adc6590a7de158fd5ae723ceb8cdb2f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

vbs c75ebab7bc1babe41757a8aa104fb4d53adc6590a7de158fd5ae723ceb8cdb2f

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3795841/

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/57449/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample