MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fe816b6ade53ec60929d8890e07e6db410ef8b22ad6301199bc36f6fba340421. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fe816b6ade53ec60929d8890e07e6db410ef8b22ad6301199bc36f6fba340421
SHA3-384 hash: 29f012f13f344b85d0b1cdedfbbf1e544d1031d52b396794767b23f2bb79c511bd3cebb7fc98704dfb0f6cf2c95c266f
SHA1 hash: b4e139b442c4306e685582cffa51ef8d23fa7e85
MD5 hash: 9a8ba2c555a5464901bf5872e120788b
humanhash: magazine-friend-magnesium-whiskey
File name:rcontrato_d6fac7a8.vbs
Download: download sample
File size:105'676 bytes
First seen:2026-05-28 05:00:18 UTC
Last seen:Never
File type:Visual Basic Script (vbs) vbs
MIME type:text/plain
ssdeep 768:EacwaCos5Fk9HBg15c5BTRCQ9UGGgPxn0+Y1nftpS4/NwLYkLoXlZOXYZLgGq+Pz:KStTfPzxFOMGs+tt/19gf
TLSH T1DDA30441F7F94119BAB72F442AB946B8497BBFA2153DC9DDCA100D8D0B33518A93873B
TrID 66.6% (.TXT) Text - UTF-16 (LE) encoded (2000/1)
33.3% (.MP3) MP3 audio (1000/1)
Magika vba
Reporter FXOLabs
Tags:vbs

Intelligence

File Origin
# of uploads :
1
# of downloads :
52
Origin country :
US US
Vendor Threat Intelligence
No detections
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/68222/
Detection(s):
Porcupine.Trojan.VBS.SAgent.gen.522942.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
94.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a17cc115b1db29f5a48ace0
Tags:
obfuscate vmdetect extens xtreme
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
evasive obfuscated opendir powershell
Link:
https://www.filescan.io/uploads/6a17cc0446e44aecc0c0ba72/reports/1989de99-21c6-4891-a7ee-02e682b9c85b/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/fe816b6ade53ec60929d8890e07e6db410ef8b22ad6301199bc36f6fba340421
Verdict:
Malicious
File Type:
vbs
First seen:
2026-05-27T23:58:00Z UTC
Last seen:
2026-05-29T16:02:00Z UTC
Hits:
~100
Detections:
HEUR:Trojan.VBS.SAgent.gen Trojan.JS.SAgent.sb HEUR:Trojan.Script.Generic
Link:
https://opentip.kaspersky.com/fe816b6ade53ec60929d8890e07e6db410ef8b22ad6301199bc36f6fba340421/results?tab=lookup
Score:
48%
Verdict:
Susipicious
File Type:
SCRIPT
Link:
https://malprob.io/report/fe816b6ade53ec60929d8890e07e6db410ef8b22ad6301199bc36f6fba340421
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fe816b6ade53ec60929d8890e07e6db410ef8b22ad6301199bc36f6fba340421/
Verdict:
Malicious
Threat:
Trojan.JS.SAgent
Link:
https://tip.neiki.dev/file/fe816b6ade53ec60929d8890e07e6db410ef8b22ad6301199bc36f6fba340421
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-05-28 05:00:59 UTC
File Type:
Text
AV detection:
8 of 38 (21.05%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=72aww2w6kpwgbeu5rcioa7tnwqio7czcvvrqcgm3ynxw7oruaqqq._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
execution
Link:
https://tria.ge/reports/260528-fneptafw9l/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Badlisted process makes network request
Command and Scripting Interpreter: PowerShell
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fe816b6ade53ec60929d8890e07e6db410ef8b22ad6301199bc36f6fba340421

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Visual Basic Script (vbs) vbs fe816b6ade53ec60929d8890e07e6db410ef8b22ad6301199bc36f6fba340421

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/68222/

Comments