MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0a2b96c9168f6e7a43a3278e4220cab546e263a4d1b6f469df0f938dac80c3b8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

KoiLoader

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	0a2b96c9168f6e7a43a3278e4220cab546e263a4d1b6f469df0f938dac80c3b8
SHA3-384 hash:	92da8e1905d91b2d6e96144410de8112d7cac0a773854a300e52506ec4f5e782a05044918cc05ed9956ff531d66b08b9
SHA1 hash:	fc49886d6ba94041142692d8ce8fbb785ecdcd57
MD5 hash:	aec4ed9c8430a1d085c58d64f946ae09
humanhash:	whiskey-glucose-network-network
File name:	pororocage.js
Download:	download sample
Signature	KoiLoader Create hunting rule
File size:	1'146 bytes
First seen:	2024-06-04 06:59:43 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	24:iJF0EC+Czzf5j1IsVL+kUbgIbeQARsZX71PyvMiKMKM:ESEP8Vj6sVCRMKh3ZmMvZM
TLSH	T1342141520878EF8D46003689587EE96E8631730673D2F2F77428D685B720551848992A
Reporter	JAMESWT_WT
Tags:	45-154-204-97 js KoiLoader shalom-pt

Intelligence

File Origin

# of uploads :

# of downloads :

338

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.GT.JS.Acsogenixx.136.25A9DAB0.19031.12159.UNOFFICIAL

Verdict:

Malicious

Score:

95.7%

Link:

https://cyber-fortress.com/docs/result/index.php?id=665ed8779eda705504278464win7simulatehigh_evasion

Tags:

Banker Encryption Execution Pshelldldr Dexter

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/0a2b96c9168f6e7a43a3278e4220cab546e263a4d1b6f469df0f938dac80c3b8

Result

Verdict:

MALICIOUS

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/1451575

Signature

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Sigma detected: WScript or CScript Dropper

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/0a2b96c9168f6e7a43a3278e4220cab546e263a4d1b6f469df0f938dac80c3b8

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/0a2b96c9168f6e7a43a3278e4220cab546e263a4d1b6f469df0f938dac80c3b8/

Threat name:

Script-JS.Trojan.Acsogenixx

Status:

Malicious

First seen:

2024-06-04 06:54:29 UTC

File Type:

Text (JavaScript)

AV detection:

17 of 38 (44.74%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=bivznsiwr5xhuq5de6heeigkwvdoey5e2g3pi2o7b6jy3leayo4a._file

Result

Malware family:

n/a

Score:

8/10

Tags:

execution

Link:

https://tria.ge/reports/240604-hsm8vsgh5t/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Command and Scripting Interpreter: JavaScript

Command and Scripting Interpreter: PowerShell

Enumerates physical storage devices

Checks computer location settings

Blocklisted process makes network request

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/0a2b96c9168f6e7a43a3278e4220cab546e263a4d1b6f469df0f938dac80c3b8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample