MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0521fe4d7dd2fb540580f981fa28196c23f0dd694572172f183b7869c1c072b5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Add tag Delete this sample Report a False Positive

SHA256 hash: 0521fe4d7dd2fb540580f981fa28196c23f0dd694572172f183b7869c1c072b5
SHA3-384 hash: 2321d31b7baa96c5b69fa1aefeb91ac9aaca41831f3e2e91bf61d2b406c34fce44c7601af578d5640f68edba279aa66b
SHA1 hash: ef78c857a658445688f98d7ed1d346834594295f
MD5 hash: 2d169c43c42f102d00f3c25e821b7199
humanhash: nebraska-harry-item-white
File name:javascript-deobfuscation-stages.zip
Download: download sample
Signature n/a
File size:37'430 bytes
First seen:2020-06-03 12:29:54 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 768:V+q/DjX0YjNY81UhIBog/kiPMehi9cCih+8csa/ui3EgJRy:EIDjkYje81iIXPHDCAPa/ui3EwRy
TLSH 0EF2F16D3A6C7D1D8DA72D2986E77C4C932240F8077A6E57FA080407583C4E0DB6EE79
Reporter @Libranalysis
Tags:deobfuscation javascript


Twitter
@Libranalysis
Automatic deobfuscation and analysis of this sample can be found here: https://maxkersten.nl/binary-analysis-course/analysis-scripts/javascript-string-concatenation-deobfuscation/

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
NL NL
Mail intelligence
No data
Vendor Threat Intelligence
Gathering data
Threat name:
Script-JS.Trojan.Nemucod
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 12:36:04 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
7 of 48 (14.58%)
Threat level:
  2/5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments