MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 121d3291a543e6b775e76107c5bb499d9d6de2d46f08bce85f4348a19c6be1bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	121d3291a543e6b775e76107c5bb499d9d6de2d46f08bce85f4348a19c6be1bf
SHA3-384 hash:	60060de2d060ff0637eeda3dec9f44d756b2aecc2bd31b07b708b26e5515ab823314ccfd143ce1ccc48b76dfeed2d9ed
SHA1 hash:	6e1a10c031ee745ef18b839d4e19f2639a410eb7
MD5 hash:	4f7a1ac11a4904e22fa5b9b26ef1844a
humanhash:	bulldog-hot-william-helium
File name:	16689172077235609.js
Download:	download sample
Signature	StrelaStealer Alert Create hunting rule
File size:	772'910 bytes
First seen:	2024-11-18 01:07:53 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	6144:gZuLXxlJS7Liw4xWGQcFAXG2TLArg5mj6yiyPu2Bb7sCmVgxwqUXD+74E9kqzeqH:NYQ9dqdhKv
TLSH	T1C5F42C4E0E89B42D2DB908E6C8F83F941806CD9F10B265F6B7B579254DF908E5E071EE
Magika	css
Reporter	cocaman
Tags:	js StrelaStealer

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

500

Origin country :

CH

Vendor Threat Intelligence

ClamAV Detected

Detection(s):

SecuriteInfo.com.BV.Agent-BYR.17594.26484.UNOFFICIAL

Alert

Create hunting rule

CyberFortress Malicious

Verdict:

Malicious

Score:

96.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=673a949880d21948b0321541

Tags:

cryxos gumen

Hybrid Analysis Trojan.Cryxos.JS

Verdict:

Malicious

Labled as:

Trojan.Cryxos.JS

Link:

https://www.hybrid-analysis.com/sample/121d3291a543e6b775e76107c5bb499d9d6de2d46f08bce85f4348a19c6be1bf

Joe Sandbox Strela Downloader

Result

Threat name:

Strela Downloader

Alert

Create hunting rule

Detection:

malicious

Classification:

rans.troj.expl.evad

Score:

96 / 100

Link:

https://www.joesandbox.com/analysis/1557308

Signature

Encrypted powershell cmdline option found

JavaScript source code contains functionality to generate code involving a shell, file or stream

JScript performs obfuscated calls to suspicious functions

Multi AV Scanner detection for submitted file

Sigma detected: Potentially Suspicious PowerShell Child Processes

Sigma detected: WScript or CScript Dropper

Suspicious execution chain found

Uses known network protocols on non-standard ports

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Wscript starts Powershell (via cmd or directly)

Yara detected Strela Downloader

Behaviour

Behavior Graph:

Download SVG

Nucleon Malprob Malware

Score:

99%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/121d3291a543e6b775e76107c5bb499d9d6de2d46f08bce85f4348a19c6be1bf

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/121d3291a543e6b775e76107c5bb499d9d6de2d46f08bce85f4348a19c6be1bf/

ReversingLabs TitaniumCloud Script-JS.Trojan.Cryxos

Threat name:

Script-JS.Trojan.Cryxos

Alert

Create hunting rule

Status:

Malicious

First seen:

2024-11-18 01:07:56 UTC

File Type:

Text

AV detection:

4 of 38 (10.53%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ciotfenfiptlo5phmed4lo2jtwow3ywun4elz2c7inekdhdl4g7q._file

Hatching Triage Suspicious

Result

Malware family:

n/a

Score:

  7/10

Tags:

defense_evasion execution

Link:

https://tria.ge/reports/241118-bg8bbsthmc/

Behaviour

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Command and Scripting Interpreter: JavaScript

Enumerates physical storage devices

Obfuscated Files or Information: Command Obfuscation

Checks computer location settings

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Malicious File

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/121d3291a543e6b775e76107c5bb499d9d6de2d46f08bce85f4348a19c6be1bf