MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ed556835173db0074576c71c281f0fffb2c4eb95706a47d01da69056ae16ff72. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 9



SHA256 hash: ed556835173db0074576c71c281f0fffb2c4eb95706a47d01da69056ae16ff72
SHA3-384 hash: 6236c963f6885f0cc96cf3d5c81e670ce703e70018e4aa9ed3b410c273f41e0cc6d392858c1a41a4a56f9d543c05f809
SHA1 hash: ed9fc95022922238cd580ef5218b5a39961a9c68
MD5 hash: bed95f90b94b6852ed6719ca53fed133
humanhash: leopard-dakota-maryland-fix
File name: 31agosto.vbs
File size: 1'881'220 bytes
First seen: 2026-04-16 07:48:58 UTC
Last seen: Never
File type: Visual Basic Script (vbs)
MIME type: text/plain
ssdeep: 12288:TDoWu+4VIDTcqPlYuQes6Z8sPX+9AJK00Qod:foWu+4VIDTcqcF6Z8sPXiAJ90Qod
TLSH: T16895A9041FEB80AE75A37D4045E0525B5BBBF6BBA6758B9F448003CD07F3608525AFBA
TrID: 66.6% (.TXT) Text - UTF-16 (LE) encoded (2000/1); 33.3% (.MP3) MP3 audio (1000/1)
Magika: vba
Reporter: BlinkzSec

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: CZ
Vendor Threat Intelligence
No detections
Verdict: Malicious
Score: 92.5%
Tags: obfuscate xtreme shell

Verdict: Malicious
File Type: text
First seen: 2026-04-15T13:16:00Z UTC
Last seen: 2026-04-17T19:04:00Z UTC
Hits: ~100
Detections: Trojan.MSIL.Miner.sb, Trojan.MSIL.Crypt.sb, Trojan-Downloader.MSIL.Agent.a, PDM:Trojan.Win32.Generic, HEUR:Trojan-Downloader.Script.Generic, Trojan.JS.SAgent.sb, Trojan-PSW.Win32.Stealer.sb, Trojan-Downloader.JS.Cryptoload.sb, HEUR:Trojan.Script.Generic
Threat name: Win32.Trojan.Kepavll
Status: Malicious
First seen: 2026-04-15 15:04:02 UTC
File Type: Text (VBS)
AV detection: 10 of 38 (26.32%)
Threat level: 5/5

Result
Malware family: n/a
Score: 10/10
Tags: discovery execution
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Contacts third-party web service commonly abused for C2
Badlisted process makes network request
Command and Scripting Interpreter: PowerShell
Process spawned unexpected child process
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
