MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ba81d2aedc40700e95bbfe5132756a98829dbb571f8a03d539c135df42d39f6d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GenesisStealer

Vendor detections: 8

Intelligence 8 IOCs YARA 1 File information Comments

SHA256 hash:	ba81d2aedc40700e95bbfe5132756a98829dbb571f8a03d539c135df42d39f6d
SHA3-384 hash:	ee109685c9a5e7d2de442333ce070b2fe6babad9539d3fbe96bb5d799a87a999ba87153375ae13887705f4a5f4e18d7d
SHA1 hash:	f99715936433eace581b558642d71a34fbcaa79c
MD5 hash:	39bd58672ad2cf6ac698b80cf0c63d8f
humanhash:	orange-don-pizza-kilo
File name:	1067e00c6738e22c.js
Download:	download sample
Signature	GenesisStealer Create hunting rule
File size:	565'176 bytes
First seen:	2025-11-13 11:29:44 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	12288:1fO+K/4AmQr/PLO3V+EHM/l9PSXFX7Uk4qYXHf9oQhaQdknJoayh:pqmQTPLsnHcCFb4qYhjknJoayh
TLSH	T16CC40189579E1CFC05C1E3F66223948A9F488D04824B2CB3BDA9FFC2F694A53749356D
Magika	javascript
Reporter	burger
Tags:	GenesisStealer js payload

Intelligence

File Origin

# of uploads :

# of downloads :

101

Origin country :

Vendor Threat Intelligence

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6915c10260ebe843fe8db489

Tags:

n/a

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

base64 obfuscated repaired

Link:

https://www.filescan.io/uploads/6915c15ca8f135d0867d727c/reports/2c68b109-83e9-487b-8761-541995122039/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/ba81d2aedc40700e95bbfe5132756a98829dbb571f8a03d539c135df42d39f6d

Verdict:

Malicious

File Type:

First seen:

2025-11-13T08:24:00Z UTC

Last seen:

2025-11-14T00:29:00Z UTC

Hits:

~10

Detections:

HEUR:Trojan-PSW.Script.Generic

Link:

https://opentip.kaspersky.com/ba81d2aedc40700e95bbfe5132756a98829dbb571f8a03d539c135df42d39f6d/results?tab=lookup

Result

Threat name:

n/a

Detection:

suspicious

Classification:

n/a

Score:

22 / 100

Link:

https://www.joesandbox.com/analysis/1813254

Signature

Sigma detected: WScript or CScript Dropper

Behaviour

Behavior Graph:

Download SVG

Score:

96%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/ba81d2aedc40700e95bbfe5132756a98829dbb571f8a03d539c135df42d39f6d

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/ba81d2aedc40700e95bbfe5132756a98829dbb571f8a03d539c135df42d39f6d/

Verdict:

Malicious

Threat:

Trojan-PSW.Script

Link:

https://tip.neiki.dev/file/ba81d2aedc40700e95bbfe5132756a98829dbb571f8a03d539c135df42d39f6d

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2025-11-13 11:29:09 UTC

File Type:

Text (JavaScript)

AV detection:

5 of 24 (20.83%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=xka5flw4ibya5fn37zite5lktcbj3o2xd6fahvjzye256qwtt5wq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

execution

Link:

https://tria.ge/reports/251113-nmfjqacq8x/

Behaviour

Command and Scripting Interpreter: JavaScript

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)