MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f4073f71a9d0616905a018e6f42c60530ffaad1cba3f1057d3f47b82fa3f90e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


XWorm


Vendor detections: 14


Intelligence 14 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f4073f71a9d0616905a018e6f42c60530ffaad1cba3f1057d3f47b82fa3f90e5
SHA3-384 hash: 6ef74f9f151b1a99c773b3189980ac8836f5af4925ef023cf0a6086d679d28895a904bb13b158368c45eca8d9155e0b9
SHA1 hash: a777e12145311054fadecfe0941ffc6085add989
MD5 hash: 9b213a96c508337ac71d9a8ac3bfca0c
humanhash: social-pizza-massachusetts-jupiter
File name:rAWBDHL7214306201.vbs
Download: download sample
Signature XWorm
Create hunting rule
File size:220'254 bytes
First seen:2025-11-12 15:00:13 UTC
Last seen:2025-11-14 14:59:11 UTC
File type:Visual Basic Script (vbs) vbs
MIME type:text/plain
ssdeep 6144:Ps1/DDO/vX03jIBxkez881JgwJsbObq2ymmLdR/V3Gaofbu0KFl2:jLUBNGuO
Threatray 1'585 similar samples on MalwareBazaar
TLSH T1BC24D82802915D68CBA1337125BFFF70143AF24D99241A72C9DEA0EC5D7A1CCF7DA9A4
Magika vba
Reporter FXOLabs
Tags:vbs xworm

Intelligence

File Origin
# of uploads :
3
# of downloads :
87
Origin country :
BR BR
Vendor Threat Intelligence
Detection:
XWorm
Create hunting rule
Link:
https://www.capesandbox.com/analysis/37728/
Detection(s):
Sanesecurity.Rogue.0hr.20251112-1435.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
94.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6914a11960ebe843fe8d661d
Tags:
obfuscate xtreme shell
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-vm base64 cmd evasive fingerprint lolbin masquerade obfuscated powershell
Link:
https://www.filescan.io/uploads/6914a11333abde90e928f90a/reports/420a2947-45ad-4164-99b7-a587cdb5a6ec/overview
Verdict:
Suspicious
Labled as:
JS/Agent.DGI
Link:
https://www.hybrid-analysis.com/sample/f4073f71a9d0616905a018e6f42c60530ffaad1cba3f1057d3f47b82fa3f90e5
Verdict:
Malicious
File Type:
vbs
First seen:
2025-11-12T08:49:00Z UTC
Last seen:
2025-11-14T12:42:00Z UTC
Hits:
~1000
Detections:
Trojan.JS.SAgent.sb HEUR:Trojan.VBS.SAgent.gen HEUR:Trojan.Script.Generic HEUR:Trojan.PowerShell.Tesre.sb Backdoor.Agent.TCP.C&C Trojan-Downloader.JS.Cryptoload.sb HEUR:Trojan-Downloader.Script.Generic Trojan.PowerShell.AmsiBypass.sb
Link:
https://opentip.kaspersky.com/f4073f71a9d0616905a018e6f42c60530ffaad1cba3f1057d3f47b82fa3f90e5/results?tab=lookup
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/f4073f71a9d0616905a018e6f42c60530ffaad1cba3f1057d3f47b82fa3f90e5
Verdict:
Malware
YARA:
1 match(es)
Tags:
DeObfuscated Obfuscated SCRIPTING.FILESYSTEMOBJECT T1059.005 VBScript
Link:
https://app.malva.re/file/9b213a96c508337ac71d9a8ac3bfca0c
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f4073f71a9d0616905a018e6f42c60530ffaad1cba3f1057d3f47b82fa3f90e5/
Verdict:
Malicious
Threat:
Family.XWORM
Link:
https://tip.neiki.dev/file/f4073f71a9d0616905a018e6f42c60530ffaad1cba3f1057d3f47b82fa3f90e5
Threat name:
Script-WScript.Backdoor.Xworm
Create hunting rule
Status:
Suspicious
First seen:
2025-11-12 15:00:38 UTC
File Type:
Text (VBS)
AV detection:
10 of 38 (26.32%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6qdt64nj2bqwsbnaddtpildakmh7vli4xi7rav6t6r5yf6r7sdsq._file
Verdict:
malicious
Label(s):
xworm
Create hunting rule
Similar samples:
203d89bb4cc6f43407327ed2c132bbe394cb55f7ff3cd4f84038943df2e0ebf7
XWorm
36c01710f8ff21e4e5a5e72373c419d3fadd9f22de8d7e78b1502e03a42bdd4e
XWorm
4e6d500ed54ad0ae55137aed25539c0939c541c72677239536448657bd201321
XWorm
4fc5db02f555a38fe3a0153e1f7d8261fc545a9ac7a2951a4558f5571b20531d
XWorm
581ccdedd0f1e52d4827a25038c0eeb4f3526cbcb430df2cb3f8607995805991
XWorm
6cf1c68d259035f265168771686ac382616e240c82e0c449589cd66dc181549e
XWorm
b7e93b89a32f2b7ed23d4e053791bd79ca4a3ad0b864797eb575ced88da59f8e
XWorm
d436b01ea1ce184f3e4e3e2ff3cfd4841f21e5008c6c827a2342c69711eae8c5
XWorm
error
XWorm
f3da246accb9e31bdb4e51187dada28e4c71a927c56adea2333fb9625b1bf7f5
XWorm
+ 1'575 additional samples on MalwareBazaar
Malware family:
XWorm
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/f4073f71a9d0/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f4073f71a9d0616905a018e6f42c60530ffaad1cba3f1057d3f47b82fa3f90e5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

XWorm

Visual Basic Script (vbs) vbs f4073f71a9d0616905a018e6f42c60530ffaad1cba3f1057d3f47b82fa3f90e5

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/37728/

Comments