MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ddf451e7e63b25b41485ffcfd3337e4e0d876e01bde6171ff286f0a5e3df3def. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ddf451e7e63b25b41485ffcfd3337e4e0d876e01bde6171ff286f0a5e3df3def
SHA3-384 hash: 8b2625bcde21faf60f6b78d5e2da59124bfec8f5adaffd53ffa4b9087d620ea1645b9481d5ddc6bbd2aab31a8134bcd8
SHA1 hash: 2ac7d1f68f1e74adcea6848045ff189ac572b0cc
MD5 hash: 90fc3a6bc60c648dd6bec966f0e766a6
humanhash: stairway-kilo-queen-south
File name:ddf451e7e63b25b41485ffcfd3337e4e0d876e01bde6171ff286f0a5e3df3def.vbs
Download: download sample
File size:57'739 bytes
First seen:2025-08-07 11:41:23 UTC
Last seen:Never
File type:Visual Basic Script (vbs) vbs
MIME type:text/plain
ssdeep 192:Nj6F/F/b/IGSiJghajioTrfbegHhjiGgsrrFu6lCt5BVHZY5cX08eZb+Hxr5LG1I:digPEqxt69w
Threatray 209 similar samples on MalwareBazaar
TLSH T1344369EA5A652364E4BC1E0295F3AE37CFC54E388CACC11D9C1366882E07D4DA5FA7D4
Magika vba
Reporter JAMESWT_WT
Tags:198-55-102-200 vbs

Intelligence

File Origin
# of uploads :
1
# of downloads :
27
Origin country :
IT IT
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/19474/
Verdict:
Malicious
Score:
99.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6894913b11d7f9b979e6598e
Tags:
obfuscate xtreme spawn
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/ddf451e7e63b25b41485ffcfd3337e4e0d876e01bde6171ff286f0a5e3df3def
Score:
98%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/ddf451e7e63b25b41485ffcfd3337e4e0d876e01bde6171ff286f0a5e3df3def
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ddf451e7e63b25b41485ffcfd3337e4e0d876e01bde6171ff286f0a5e3df3def/
Verdict:
Malicious
Threat:
Trojan.JS.SAgent
Link:
https://tip.neiki.dev/file/ddf451e7e63b25b41485ffcfd3337e4e0d876e01bde6171ff286f0a5e3df3def
Threat name:
Script-WScript.Downloader.RemcosRAT
Create hunting rule
Status:
Malicious
First seen:
2025-07-30 10:22:20 UTC
File Type:
Text (VBS)
AV detection:
7 of 36 (19.44%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3x2fdz7ghms3ifef77h5gm36jygyo3qbxxtboh7sq3ykly67hxxq._file
Verdict:
malicious
Label(s):
purecrypter
Create hunting rule
Similar samples:
147a67928167e73aefdeec5de007f82c5ed4bf8a904f2abf590cabd682500a4f
3e8983f9eca760cd0d3de50ca7a564e53a0b72e3dab2211febeb5072b20845ee
424ed818acf4242c6cba6490611a4585ed42cc3efcc12d086f7a2359873b5bff
640f79c3e3bd4a3d762a7b94121972dc8a54c02b614e321a18f4ce01ebf53a92
73567ae90c7f723ab21de0de86e70ed248922372b37efa938e634c368f7b0746
7497c530f92f52b36c6ed172862fda4ff7bbc1392f14d22283dec82463c871eb
769940e161bd543f278dba9c0b5c58edefe07f47dde1bc54c093b752168c45e7
9b3fc8083347fd5cea258502c5e42cbd7f56fe4bb9df0e3693ac145db2775078
d25ce51a5c23df06ac177ac26091a18fda74a57bcf60391b2fdafbdfb589edb9
e5f8cde1a18c395f639e94b3387760bc52c48555bcc3a84233fc5d81e8970304
error
+ 199 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
execution
Link:
https://tria.ge/reports/250807-ntx3cagn61/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Blocklisted process makes network request
Command and Scripting Interpreter: PowerShell
Malware Config
Dropper Extraction:
http://198.55.102.200/xampp/cv/optimized_MSI.png
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ddf451e7e63b25b41485ffcfd3337e4e0d876e01bde6171ff286f0a5e3df3def

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/19474/

Comments