MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ec750acffc7d178d9311b8c19daa83f4c7f1742e6869e7ecd4a0d8d511971c63. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ec750acffc7d178d9311b8c19daa83f4c7f1742e6869e7ecd4a0d8d511971c63
SHA3-384 hash: 29cfc8fadb9e17ccc842b8aaf9e05f6444c5b0e5c0c27e42d81b27dce2392f683d4ee16a1eaac753af805aba942076a4
SHA1 hash: 4c54abea0732f42bcadc3c68f36044d8296665df
MD5 hash: 92411de3a00c777e23c33210751d03c1
humanhash: five-robin-iowa-magnesium
File name:z1Contract.vbs
Download: download sample
File size:676'239 bytes
First seen:2025-12-11 12:01:12 UTC
Last seen:Never
File type:Visual Basic Script (vbs) vbs
MIME type:text/plain
ssdeep 192:FPWkFk08iucemtLQq4TeYaACLkTaohe8vQosGt27zVwI4i1sNOtQqbC:mNOtQqbC
Threatray 3'548 similar samples on MalwareBazaar
TLSH T180E46DBCF40C52E533C3A7A8A399F45A76B04DB168B1DF2321DC606435BFD1A1922B63
Magika txt
Reporter FXOLabs
Tags:vbs

Intelligence

File Origin
# of uploads :
1
# of downloads :
53
Origin country :
US US
Vendor Threat Intelligence
No detections
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/44279/
Detection(s):
Porcupine.Trojan.Script.Generic.469005.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
90.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=693ab294a675b653bd10114d
Tags:
obfuscate xtreme shell
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-vm base64 base64 fingerprint obfuscated obfuscated overlay powershell
Link:
https://www.filescan.io/uploads/693ab2911eac7b9b76a5ae66/reports/4288dcad-9801-44e3-870c-c9f73be3fc33/overview
Verdict:
Suspicious
Labled as:
PSH/Agent.WL
Link:
https://www.hybrid-analysis.com/sample/ec750acffc7d178d9311b8c19daa83f4c7f1742e6869e7ecd4a0d8d511971c63
Verdict:
Malicious
File Type:
vbs
First seen:
2025-12-11T03:26:00Z UTC
Last seen:
2025-12-13T10:28:00Z UTC
Hits:
~1000
Detections:
Backdoor.Agent.TCP.C&C Trojan.JS.SAgent.sb HEUR:Trojan.Script.Generic Trojan-Spy.Agent.SMTP.C&C Trojan.Crypt.TCP.ServerRequest
Link:
https://opentip.kaspersky.com/ec750acffc7d178d9311b8c19daa83f4c7f1742e6869e7ecd4a0d8d511971c63/results?tab=lookup
Score:
11%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/ec750acffc7d178d9311b8c19daa83f4c7f1742e6869e7ecd4a0d8d511971c63
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ec750acffc7d178d9311b8c19daa83f4c7f1742e6869e7ecd4a0d8d511971c63/
Verdict:
Malicious
Threat:
Trojan.Crypt.TCP
Link:
https://tip.neiki.dev/file/ec750acffc7d178d9311b8c19daa83f4c7f1742e6869e7ecd4a0d8d511971c63
Threat name:
Script-WScript.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-12-11 08:31:12 UTC
File Type:
Binary
AV detection:
6 of 24 (25.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5r2qvt74puly3eyrxdaz3kud6td7c5bonbu6p3guudmnkemxdrrq._file
Verdict:
malicious
Label(s):
xworm
Create hunting rule
404keylogger
Create hunting rule
Similar samples:
2cb24bafbd5728a17a8a8d07a555061ad58a81a25ce3dc090c5d3ca4c8a77349
30f5eb5dbd68c4f89bec483da5d30044f4366f68df6c26673ebac63df2561bcd
3529c06d0771eb00f68db35c2a65b95c6dbeaa5a3cf4ff3302d8dcfde84663c9
68fa0dd6b006ddf41bfd6caee99a66506b5b56c1c86df77a7bacc761e6b1aa82
70c4f474516adb9bba17759bf2023ad445fe8910fa83cdcc225b14a8ccb6fb69
96ffb93ccc5265198ecba5de0bda1a02720381b1ce4c807998f2450696baa2aa
bf85c808d84f3d1b83c812aaa7362b79b460f3d040ef9848a5df9d407b38b17d
db2000430c77dc833b265c715e2adcd722bb14ca83bf81f751cf00f9fa8f959d
error
+ 3'538 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
execution
Link:
https://tria.ge/reports/251211-pcs8hasjav/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Badlisted process makes network request
Command and Scripting Interpreter: PowerShell
Process spawned unexpected child process
Malware Config
Dropper Extraction:
https://cdn.tagbox.io/assets/6939ddbee4f7fe0011781587/7697c827-2ad6-4ffe-ab0c-2b386724f982---optimized_msi.png
Malware family:
DnlibLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/ec750acffc7d/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.55
Link:
https://yomi.yoroi.company/submissions/ec750acffc7d178d9311b8c19daa83f4c7f1742e6869e7ecd4a0d8d511971c63

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ClamAV_Emotet_String_Aggregate
Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Visual Basic Script (vbs) vbs ec750acffc7d178d9311b8c19daa83f4c7f1742e6869e7ecd4a0d8d511971c63

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/44279/

Comments