MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f44394f10dd10600a8f25093e76fac442c594ea85debf6bfea0933766529f747. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f44394f10dd10600a8f25093e76fac442c594ea85debf6bfea0933766529f747
SHA3-384 hash: dc58c26f3790418d905a16eb965b580cdfed1b8fdfa67fcf0d09859b028d5facda6f28a098f2ff802b3d544b247d74f3
SHA1 hash: 04e6ab4bb1b17bdb62471a51ea76e01c09f234a6
MD5 hash: 4a8a69631d3424b79e1c6b4cbc53112b
humanhash: arizona-wolfram-juliet-harry
File name:INVOICE.vbs
Download: download sample
File size:1'133 bytes
First seen:2021-08-03 15:29:13 UTC
Last seen:Never
File type:Visual Basic Script (vbs) vbs
MIME type:text/plain
ssdeep 24:APcmi+r3nJJMzeArpIqmnAMvAN5STD69P1EI3SDKV:rt+bnzMz5rK/AN5SPc1EI3D
Threatray 50 similar samples on MalwareBazaar
TLSH T18F2100243A0BF135504AE3C65DB99A34F2A76276C5605495327DC29980BF9EE28C3ECE
Reporter abuse_ch
Tags:vbs

Intelligence

File Origin
# of uploads :
1
# of downloads :
112
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/176111/
Result
Verdict:
UNKNOWN
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/826337
Signature
Creates an undocumented autostart registry key
Obfuscated command line found
Sigma detected: Suspicious PowerShell Command Line
VBScript performs obfuscated calls to suspicious functions
Wscript starts Powershell (via cmd or directly)
Yara detected Powershell download and execute
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f44394f10dd10600a8f25093e76fac442c594ea85debf6bfea0933766529f747/
Threat name:
Script.Downloader.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2021-08-03 15:30:11 UTC
AV detection:
2 of 46 (4.35%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6rbzj4in2edabkhskcj6o35miqwfstvilxv7np7kbezxmzjj65dq._file
Verdict:
suspicious
Similar samples:
13f297d03a1dea9495fbd57508fdf3bc1975954ed97338bb4d35adcd9e02536d
14448088ae4dd96af8de65e81abbfbdd5493f380e218f8389d2110d1cfbf8299
33b2e62e08629bd097db93a9307d133cfc2fb8732c10a75c2bce199f56408e9c
56a430a18e93eee6f709348fba459a6f639c032c7718806c01a6ba522dd704e6
87f4a4c323f26710b7acdc123173fa63f4ccb4f3c8239dfaa489ee69ab89f7cc
ab59fbf0ee10b8c5428479b1f5dfdb5cfc87dd40407b3742814ab34611f32b1d
ba4b51ae64c68b32d126322b51b41dce7c300c01faed97aca35ff142e121a914
db95252c51380bd1270af501cbc040ce72a3ad551156526580e4ce39b3feb0de
+ 40 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
suricata
Link:
https://tria.ge/reports/210803-bw96b677fx/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Blocklisted process makes network request
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
Malware Config
Dropper Extraction:
https://ia601505.us.archive.org/29/items/bypass_20210803/bypass.txt
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f44394f10dd10600a8f25093e76fac442c594ea85debf6bfea0933766529f747

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Visual Basic Script (vbs) vbs f44394f10dd10600a8f25093e76fac442c594ea85debf6bfea0933766529f747

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/176111/

Comments