MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f27704629a4b9f59c0c17c892c783b874e750c3de4fbfb306e1712bceafcce7f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	f27704629a4b9f59c0c17c892c783b874e750c3de4fbfb306e1712bceafcce7f
SHA3-384 hash:	ef88adb4c43205085785a7d9b835d57d729793acf5e1bae2654f35842d3954a81d0b803b93b9ad533c3bc6d0e810cc0c
SHA1 hash:	6e7350b807fc20098e6390d5ca6319da2374b446
MD5 hash:	36f94ec5083774e29b165bfc1c415c3d
humanhash:	white-burger-thirteen-kentucky
File name:	31agosto.vbs
Download:	download sample
File size:	1'102 bytes
First seen:	2026-03-05 07:23:14 UTC
Last seen:	Never
File type:	vbs
MIME type:	text/plain
ssdeep	24:KXnAKqahwAW2wc0K5NU9RGUimUwn/zii9nJswC9KVk6Uwn/zii9nJ7wC9vZ44:NBW50YNIGfmdJJC9KVk6dJkC9hT
TLSH	T156118011DC0278E75F57B2F4CA131A18DCB9F93B4065A84DB714CD491E359F8B1607E2
Magika	vba
Reporter	abuse_ch
Tags:	vbs

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

53

Origin country :

SE

Vendor Threat Intelligence

ACCE Coin

Malware configuration found for:

Coin

Details

Link:

https://research.acce.ciphertechsolutions.com/results/f78bc73e-7e9b-472b-ad1a-3ab6445d3b49/

CAPE Sandbox

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/55629/

CyberFortress Malicious

Verdict:

Malicious

Score:

91.7%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69a92f68e1f958bf6683cd1c

Tags:

trojandownloader dropper html

Hybrid Analysis TrojanDownloader/BAT.Agent

Verdict:

Malicious

Labled as:

TrojanDownloader/BAT.Agent

Link:

https://www.hybrid-analysis.com/sample/f27704629a4b9f59c0c17c892c783b874e750c3de4fbfb306e1712bceafcce7f

Kaspersky OpenTIP Malicious

Verdict:

Malicious

File Type:

vbs

Detections:

HEUR:Trojan.VBS.Agent.gen

Link:

https://opentip.kaspersky.com/f27704629a4b9f59c0c17c892c783b874e750c3de4fbfb306e1712bceafcce7f/results?tab=lookup

Joe Sandbox malicious

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/1878625

Signature

Multi AV Scanner detection for submitted file

Potential malicious VBS script found (has network functionality)

Sigma detected: Script Initiated Connection to Non-Local Network

Sigma detected: WScript or CScript Dropper

System process connects to network (likely due to code injection or exploit)

VBScript performs obfuscated calls to suspicious functions

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Behaviour

Behavior Graph:

Download SVG

Nucleon Malprob Susipicious

Score:

51%

Verdict:

Susipicious

File Type:

SCRIPT

Link:

https://malprob.io/report/f27704629a4b9f59c0c17c892c783b874e750c3de4fbfb306e1712bceafcce7f

Malva.RE Malware

Verdict:

Malware

YARA:

1 match(es)

Tags:

ADODB.Stream MSXML2.XMLHTTP.6.0 Scripting.FileSystemObject VBScript WScript.Shell

Link:

https://app.malva.re/file/36f94ec5083774e29b165bfc1c415c3d

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/f27704629a4b9f59c0c17c892c783b874e750c3de4fbfb306e1712bceafcce7f/

Neiki Clean

Verdict:

Clean

Link:

https://tip.neiki.dev/file/f27704629a4b9f59c0c17c892c783b874e750c3de4fbfb306e1712bceafcce7f

ReversingLabs TitaniumCloud Win32.Trojan.Etset

Threat name:

Win32.Trojan.Etset

Alert

Create hunting rule

Status:

Malicious

First seen:

2026-03-04 13:00:00 UTC

File Type:

Text (VBS)

AV detection:

7 of 24 (29.17%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=6j3qiyu2jopvtqgbpsesy6b3q5hhkdb54t57wmdoc4jlz2x4zz7q._file

Hatching Triage Malicious

Result

Malware family:

n/a

Score:

  8/10

Tags:

n/a

Link:

https://tria.ge/reports/260305-h7yyxady6n/

Behaviour

Badlisted process makes network request

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Suspicious File

Threat name:

Suspicious File

Score:

0.51

Link:

https://yomi.yoroi.company/submissions/f27704629a4b9f59c0c17c892c783b874e750c3de4fbfb306e1712bceafcce7f

File information

---

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

vbs f27704629a4b9f59c0c17c892c783b874e750c3de4fbfb306e1712bceafcce7f

(this sample)

  

URLhaus

https://urlhaus.abuse.ch/url/3723453/

  

Delivery method

Distributed via web download

  

URLhaus

https://urlhaus.abuse.ch/url/3723459/

  

URLhaus

https://urlhaus.abuse.ch/url/3724301/

Cape

https://www.capesandbox.com/analysis/55629/

Comments

---

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

commented on 2026-03-05 07:49:51 UTC

Payload URL:
https://esvpotfvg0.ufs.sh/f/okyTib8Lmo0CCsJexhtOZmnuJAN4E1URhT3GWMBiPLQdSarf