MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c98f9d2a27cf5718577e4b9a2ed0f8bb606b1a5a79bf0f69b454ccd3d8522c15. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c98f9d2a27cf5718577e4b9a2ed0f8bb606b1a5a79bf0f69b454ccd3d8522c15
SHA3-384 hash: 453622642c25a6a50b463f1a570831fb0314fc1e349f0a77489adb17f7834c483f7cfac8a76cf562a50ba5ffd2b6d2ca
SHA1 hash: 34a26c921d71002d1e396044a41a490ee3552cb3
MD5 hash: 5209552db61b19cc3dcffe60168f4359
humanhash: green-finch-venus-four
File name:new order.vbs
Download: download sample
File size:276'248 bytes
First seen:2023-08-22 07:43:39 UTC
Last seen:2023-08-22 12:01:52 UTC
File type:Visual Basic Script (vbs) vbs
MIME type:text/plain
ssdeep 6144:rpokHuoWbBIfeVhZFVJV25VdVDLBVuVSp6TD30ZN70M:rpokHuoWbBIfeVhZFVJV25VdVDLBVuVC
Threatray 11 similar samples on MalwareBazaar
TLSH T11444B92060DF648DB1B37FA30BEDA5E98F5BB6F1072BA02E2154430B8B96D94CE55731
TrID 66.6% (.TXT) Text - UTF-16 (LE) encoded (2000/1)
33.3% (.MP3) MP3 audio (1000/1)
Reporter abuse_ch
Tags:vbs

Intelligence

File Origin
# of uploads :
2
# of downloads :
90
Origin country :
NL NL
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/444070/
Detection(s):
SecuriteInfo.com.Trojan.DownLoader46.565.11746.29070.UNOFFICIAL
Create hunting rule

Gathering data
Verdict:
Malicious
Labled as:
Generik.DSTPCAE trojan
Link:
https://www.hybrid-analysis.com/sample/c98f9d2a27cf5718577e4b9a2ed0f8bb606b1a5a79bf0f69b454ccd3d8522c15
Result
Verdict:
MALICIOUS
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/1294945
Signature
Antivirus detection for URL or domain
Found suspicious powershell code related to unpacking or dynamic code loading
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suspicious powershell command line found
VBScript performs obfuscated calls to suspicious functions
Very long command line found
Wscript starts Powershell (via cmd or directly)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c98f9d2a27cf5718577e4b9a2ed0f8bb606b1a5a79bf0f69b454ccd3d8522c15/
Threat name:
Script-WScript.Trojan.Leonem
Create hunting rule
Status:
Malicious
First seen:
2023-08-21 06:10:48 UTC
File Type:
Text (VBS)
AV detection:
10 of 23 (43.48%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zghz2krhz5lrqv36jonc5uhyxnqgwgs2pg7q62nuktgnhwcsfqkq._file
Verdict:
malicious
Similar samples:
044cb562792bad9d4aa1fa99fcb642ed6bf4dd49af86938b75add85d021fa101
2177882a8fb4bd06c84f61e81cb2fdf862e88f0a86b66a10faa88801696422cd
5d0c01b1ceef88fb8963383443d7b833df48e10f8708edbfadb457c4ca99ffb4
94ecbf6f04ad4476d6b032a83b96f93897af0e16821b76802aaafb11677ad836
ac9e25f541065a26fb3dcb26ac76ca5c5ffd44a03973a07f049730f0760d4b04
d2f74dbb944eb5699de861b7044b5aa9c9f3904d166bdab705a4024b0bc34eaf
e7a157ba1819d7af9a5f66aa9e161cce68d20792d117a90332ff797cbbd8aaa5
+ 1 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/230822-jktlcaag33/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Blocklisted process makes network request
Malware Config
Dropper Extraction:
https://uploaddeimagens.com.br/images/004/559/510/original/rump_private.jpg?1690504129
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.05
Link:
https://yomi.yoroi.company/submissions/c98f9d2a27cf5718577e4b9a2ed0f8bb606b1a5a79bf0f69b454ccd3d8522c15

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Visual Basic Script (vbs) vbs c98f9d2a27cf5718577e4b9a2ed0f8bb606b1a5a79bf0f69b454ccd3d8522c15

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/444070/
  
URLhaus
https://urlhaus.abuse.ch/url/2706360/

Comments