MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ebeef831c52b7e930a6456caedf7849814b8d4def2bc0e70a0e7a357621ef6bc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ebeef831c52b7e930a6456caedf7849814b8d4def2bc0e70a0e7a357621ef6bc
SHA3-384 hash: 72cd9ebde2a9901c628315c48c1bf174031570f3668df1cc5952049b972486f4926b019607fd44c06e2c0d3f3b1df617
SHA1 hash: 0ee438ff255787e841581e5c23d340dfee8265b9
MD5 hash: ff0eb16768e7ecde4c7407f68a1f9b95
humanhash: south-white-music-maryland
File name:zcgo1.vbs
Download: download sample
File size:1'876 bytes
First seen:2026-02-25 11:03:34 UTC
Last seen:Never
File type:Visual Basic Script (vbs) vbs
MIME type:text/plain
ssdeep 48:n14t1Ge7zje0TAVzDrqnqzfF/aa8quE/fwNJw6rj:n882zje0TAVzDrqnQ1aaGAB6rj
Threatray 2 similar samples on MalwareBazaar
TLSH T19A3120FF9906C061886281D9CAF5E61EFAC3287B6425D42C3C05C9C75B36D39DAA009E
Magika vba
Reporter juroots
Tags:vbs

Intelligence

File Origin
# of uploads :
1
# of downloads :
46
Origin country :
GB GB
Vendor Threat Intelligence
No detections
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/54554/
Detection(s):
SecuriteInfo.com.VBS.Downloader-2.UNOFFICIAL
Create hunting rule

Txt.Trojan.BadIIS-10059202-0
Create hunting rule

Verdict:
Malicious
Score:
96.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=697991a66fa3eed1652fbfbd
Tags:
virus spawn blic
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug badiis base64 cmd dropper evasive expand explorer fingerprint fingerprint installer-heuristic keylogger lolbin
Link:
https://www.filescan.io/uploads/699ed75804510f87ba757ce7/reports/cdde46a7-474a-48ad-af40-152d20a92fb3/overview
Verdict:
Malicious
Labled as:
VBS_TrojanDownloader_Agent_PHZ_trojan
Link:
https://www.hybrid-analysis.com/sample/ebeef831c52b7e930a6456caedf7849814b8d4def2bc0e70a0e7a357621ef6bc
Verdict:
Malicious
File Type:
vbs
First seen:
2025-09-26T02:57:00Z UTC
Last seen:
2026-02-06T08:23:00Z UTC
Hits:
~100
Link:
https://opentip.kaspersky.com/ebeef831c52b7e930a6456caedf7849814b8d4def2bc0e70a0e7a357621ef6bc/results?tab=lookup
Score:
60%
Verdict:
Susipicious
File Type:
SCRIPT
Link:
https://malprob.io/report/ebeef831c52b7e930a6456caedf7849814b8d4def2bc0e70a0e7a357621ef6bc
Verdict:
Malware
YARA:
1 match(es)
Tags:
ADODB.Stream DeObfuscated MSXML2.ServerXMLHTTP MSXML2.XMLHTTP Obfuscated Scripting.FileSystemObject T1059.005 VBScript WScript.Shell
Link:
https://app.malva.re/file/ff0eb16768e7ecde4c7407f68a1f9b95
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ebeef831c52b7e930a6456caedf7849814b8d4def2bc0e70a0e7a357621ef6bc/
Verdict:
Malicious
Threat:
Trojan-Downloader.JS.SLoad
Link:
https://tip.neiki.dev/file/ebeef831c52b7e930a6456caedf7849814b8d4def2bc0e70a0e7a357621ef6bc
Threat name:
Script-WScript.Trojan.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2025-11-20 06:30:52 UTC
File Type:
Text (VBS)
AV detection:
18 of 36 (50.00%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5pxpqmoffn7jgctek3fo354etaklrvg66k6a44fa46rvoyq6626a._file
Verdict:
malicious
Label(s):
admintool_gotohttp
Create hunting rule
Similar samples:
236c90cde83b3dc403c3c186193b0d2cd14b067f6b4c840d5f0baee57840eba9
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/260225-m6mxgagt5g/
Behaviour
Badlisted process makes network request
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/ebeef831c52b/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ebeef831c52b7e930a6456caedf7849814b8d4def2bc0e70a0e7a357621ef6bc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Visual Basic Script (vbs) vbs ebeef831c52b7e930a6456caedf7849814b8d4def2bc0e70a0e7a357621ef6bc

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/54554/
  
URLhaus
https://urlhaus.abuse.ch/url/3785442/
  
Delivery method
Distributed via web download

Comments