MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 02f021137074a7eb8059a84ffd92a4c0588b9ab09fbd2ffd9aa534d4ee94b500. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	02f021137074a7eb8059a84ffd92a4c0588b9ab09fbd2ffd9aa534d4ee94b500
SHA3-384 hash:	107c73bb8fd99ae127b665e7dcf12eb09fede377e5d58ddb8aa23b5cf7a62a14a2e151c19891726ac676372207f7ba25
SHA1 hash:	2ea3493e5dd0dc3a79d2554ab50548fd213d94c4
MD5 hash:	daf97aecd2c1b6efd1a60aee658ea694
humanhash:	mexico-double-arkansas-bacon
File name:	output_a06iuuis.js
Download:	download sample
File size:	795'558 bytes
First seen:	2026-06-06 19:40:48 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	3072:/fwhAfUQxclyBiDseXPMfuXGZ6wNFm1lBFKKGKhkVIsEHfxE9VQfprHT2zW0jaEd:XsQxcAb
TLSH	T1FB05163DCC69412ED573D619C49A099FF8C25517223CE94B60C73B9BAF638827B8239D
TrID	66.6% (.TXT) Text - UTF-16 (LE) encoded (2000/1) 33.3% (.MP3) MP3 audio (1000/1)
Magika	txt
Reporter	TomU
Tags:	js

Intelligence

File Origin

# of uploads :

# of downloads :

117

Origin country :

Vendor Threat Intelligence

No detections

Detection(s):

SecuriteInfo.com.Other.Malware-gen.25287415.UNOFFICIAL

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6a246a922f0f550abbfa0559

Tags:

n/a

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

conhost obfuscated powershell repaired

Link:

https://www.filescan.io/uploads/6a2477e8099ef368af2403ee/reports/abd14455-dfc1-4ab8-b99a-14ddeeba8dcc/overview

Verdict:

Malicious

Labled as:

Trojan.Generic

Link:

https://www.hybrid-analysis.com/sample/02f021137074a7eb8059a84ffd92a4c0588b9ab09fbd2ffd9aa534d4ee94b500

Verdict:

Malicious

File Type:

First seen:

2026-06-05T07:48:00Z UTC

Last seen:

2026-06-07T17:12:00Z UTC

Hits:

~100

Detections:

PDM:Trojan.Win32.Generic HEUR:Trojan.Script.Generic

Link:

https://opentip.kaspersky.com/02f021137074a7eb8059a84ffd92a4c0588b9ab09fbd2ffd9aa534d4ee94b500/results?tab=lookup

Score:

55%

Verdict:

Susipicious

File Type:

SCRIPT

Link:

https://malprob.io/report/02f021137074a7eb8059a84ffd92a4c0588b9ab09fbd2ffd9aa534d4ee94b500

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/02f021137074a7eb8059a84ffd92a4c0588b9ab09fbd2ffd9aa534d4ee94b500/

Threat name:

Win32.Trojan.Ravartar

Status:

Malicious

First seen:

2026-06-05 11:30:58 UTC

File Type:

Text (JavaScript)

AV detection:

10 of 24 (41.67%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=alycce3qost6xaczvbh73eveybmixgvqt66s77m2uu2nj3uuwuaa._file

Result

Malware family:

n/a

Score:

8/10

Tags:

defense_evasion execution

Link:

https://tria.ge/reports/260606-yeb7fact4j/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Command and Scripting Interpreter: JavaScript

Enumerates physical storage devices

Hide Artifacts: Hidden Window

Checks computer location settings

Badlisted process makes network request

Command and Scripting Interpreter: PowerShell

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/02f021137074a7eb8059a84ffd92a4c0588b9ab09fbd2ffd9aa534d4ee94b500

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

js 02f021137074a7eb8059a84ffd92a4c0588b9ab09fbd2ffd9aa534d4ee94b500

(this sample)

Delivery method

Distributed via e-mail attachment

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample