Signature match: Trojan:VBS/Sonbokli. Category: Trojan (appears legitimate but performs malicious actions); platform: VBScript; family: Sonbokli.
Trojan:VBS/Sonbokli.A!cl is a malicious VBScript that typically acts as a first-stage downloader or dropper. Its primary function is to contact a remote server to download and execute additional, more harmful malware payloads, initiating a more severe infection on the compromised system.
Relevant strings associated with this threat (type NID; the entries come in pairs that differ only in the leading character before the "#<guid>" part):
- |#d1e49aac-8f56-4280-b9ba-993a6d77406c (NID)
- }#d1e49aac-8f56-4280-b9ba-993a6d77406c (NID)
- &|#b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 (NID)
- &}#b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 (NID)
- y*|#56a863a9-875e-4185-98a7-b882c64b5ce5 (NID)
- y*}#56a863a9-875e-4185-98a7-b882c64b5ce5 (NID)
- C|#be9ba2d9-53ea-4cdc-84e5-9b1eeee46550 (NID)
- C}#be9ba2d9-53ea-4cdc-84e5-9b1eeee46550 (NID)
- L|#3b576869-a4ec-4529-8536-b80a7769e899 (NID)
- L}#3b576869-a4ec-4529-8536-b80a7769e899 (NID)
- |#5beb7efe-fd9a-4556-801d-275e5ffc04cc (NID)
- }#5beb7efe-fd9a-4556-801d-275e5ffc04cc (NID)
- |#01443614-cd74-433a-b99e-2ecdc07bfc25 (NID)
- }#01443614-cd74-433a-b99e-2ecdc07bfc25 (NID)
- |#d3e037e1-3eb8-44c8-a917-57927947596d (NID)
- }#d3e037e1-3eb8-44c8-a917-57927947596d (NID)
- |#7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c (NID)
- }#7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c (NID)
- |#92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b (NID)
- }#92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b (NID)
Associated file hashes (SHA-256):
- 107e00e14a8e3c42e0e51e21f430c4e5fb6bd824ed4d9b03fd6783c6a97e655d
- 81faf175420e3c53913e69b53918d554ac5e45220e5ae0da15308c45454f109d
- 0f34330b58ea8d40bff07b3acfba87984f4e1197632b23f7147cc0ff5a9212f9
- 4cff4c242546f84b11bd9876c0a68f3ecb0687a4824fa0bd9cdcb6878f51e905
- 815b1ccf52d1f815f76b46b5a23f203dc80debafb39e1b6c95d9d19863a69828

Remediation: Ensure your antivirus has quarantined and removed the detected file, then run a full system scan with updated definitions to find any related components. Because this script is only a first stage, removing the .vbs does not undo anything it has already downloaded and executed: investigate the entry vector, such as a malicious email attachment, and check for signs of follow-on activity like unusual outbound network connections or newly created scheduled tasks.
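The hashes and marker strings above are enough to hunt for this threat on other hosts. The following sweep script is an added example written for this page, not a Microsoft or vendor tool: it walks a directory, hashes every file with SHA-256 against the list above, and byte-searches file contents for the marker strings, in both ASCII and UTF-16LE because Windows editors commonly save .vbs files as UTF-16. Two choices are mine, not the page's: the markers are matched on the "#<guid>" suffix that each "|#"/"}#" pair shares, and content scanning is capped at 16 MiB per file. The sample tree built in demo() is constructed for the illustration and contains no real malware.

```python
"""IOC sweep for the Sonbokli indicators listed on this page (added example)."""
import hashlib
import os
import tempfile
from pathlib import Path

# SHA-256 values copied from the hash list on this page.
SONBOKLI_SHA256 = {
    "107e00e14a8e3c42e0e51e21f430c4e5fb6bd824ed4d9b03fd6783c6a97e655d",
    "81faf175420e3c53913e69b53918d554ac5e45220e5ae0da15308c45454f109d",
    "0f34330b58ea8d40bff07b3acfba87984f4e1197632b23f7147cc0ff5a9212f9",
    "4cff4c242546f84b11bd9876c0a68f3ecb0687a4824fa0bd9cdcb6878f51e905",
    "815b1ccf52d1f815f76b46b5a23f203dc80debafb39e1b6c95d9d19863a69828",
}

# Marker strings from the page. Each appears as a '|#<guid>' / '}#<guid>' pair,
# so matching on the shared '#<guid>' suffix covers both variants (my choice).
SONBOKLI_MARKERS = [
    "#d1e49aac-8f56-4280-b9ba-993a6d77406c",
    "#b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4",
    "#56a863a9-875e-4185-98a7-b882c64b5ce5",
    "#be9ba2d9-53ea-4cdc-84e5-9b1eeee46550",
    "#3b576869-a4ec-4529-8536-b80a7769e899",
    "#5beb7efe-fd9a-4556-801d-275e5ffc04cc",
    "#01443614-cd74-433a-b99e-2ecdc07bfc25",
    "#d3e037e1-3eb8-44c8-a917-57927947596d",
    "#7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c",
    "#92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b",
]

MAX_CONTENT_SCAN = 16 * 1024 * 1024  # assumed cap: string-scan files up to 16 MiB


def sha256_of(path: Path, chunk: int = 1 << 20) -> str:
    """Stream a file through SHA-256 so large files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def marker_hits(data: bytes) -> list:
    """Return the marker strings found in data, in ASCII or UTF-16LE encoding."""
    hits = []
    for m in SONBOKLI_MARKERS:
        if m.encode("ascii") in data or m.encode("utf-16-le") in data:
            hits.append(m)
    return hits


def inspect_file(path: Path) -> dict:
    """Hash one file and, if it is small enough, scan its contents for markers."""
    if path.stat().st_size <= MAX_CONTENT_SCAN:
        data = path.read_bytes()
        digest = hashlib.sha256(data).hexdigest()
        markers = marker_hits(data)
    else:
        digest = sha256_of(path)  # too big for a content scan; hash only
        markers = []
    return {"sha256": digest, "hash_match": digest in SONBOKLI_SHA256, "markers": markers}


def sweep(root) -> dict:
    """Return {path: result} for every file matching a listed hash or marker."""
    findings = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = Path(dirpath) / name
            try:
                result = inspect_file(p)
            except OSError:
                continue  # locked or unreadable; a real sweep should log these
            if result["hash_match"] or result["markers"]:
                findings[str(p)] = result
    return findings


def demo() -> dict:
    """Sweep a constructed sample tree (invented files, not real samples)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "notes.txt").write_text("quarterly report draft\n")
        # A UTF-16LE .vbs with BOM carrying one marker, as a saved Windows
        # script might. Invented content; it downloads and runs nothing.
        script = "' |#d1e49aac-8f56-4280-b9ba-993a6d77406c\r\nWScript.Echo \"hi\"\r\n"
        (root / "invoice.vbs").write_bytes(b"\xff\xfe" + script.encode("utf-16-le"))
        return {Path(k).name: v for k, v in sweep(root).items()}


if __name__ == "__main__":
    for name, r in demo().items():
        print(name, r["sha256"][:16], "hash_match=%s" % r["hash_match"], r["markers"])
```

Point sweep() at user-writable staging paths first (Downloads, %TEMP%, Outlook attachment caches), since a first-stage script usually lands there. A hash match identifies the exact listed samples; a marker hit without a hash match is the more useful signal, because it flags a variant the hash list does not cover.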