MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 158091ec92a3a91d7d2d29e6b867d47479d624bcae5f067cc80af4eff91c9729. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 158091ec92a3a91d7d2d29e6b867d47479d624bcae5f067cc80af4eff91c9729
SHA3-384 hash: 17029cd18fc9ab254e5d8016a7b4f750f877c811b0924faff7e46399c4fe3e56a8acc5b45b26ab078fb0b69f754ac18a
SHA1 hash: aaf49b7f38723095525c47cb221ff1576591aa74
MD5 hash: 958c8f4f9145a7d67692db172f73c650
humanhash: july-timing-romeo-mango
File name:deploy.js
Download: download sample
File size:3'228 bytes
First seen:2026-04-01 11:07:19 UTC
Last seen:Never
File type:Java Script (JS) js
MIME type:application/javascript
ssdeep 96:VkACd/PyTlpmUsF68Sq4LDB4ojEscdRa+RtkRi5L25Vx/i:y/d/PvU8oXcdRaSoeKi
TLSH T1FC617786077F2630D4A5579A8D1FD066B22BC1073345D9A0B5DCE6C86F8A560B2B3AF8
TrID 70.0% (.) Unix-like shebang (var.1) (gen) (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika javascript
Reporter JAMESWT_WT
Tags:js teampcp

Intelligence

File Origin
# of uploads :
1
# of downloads :
4
Origin country :
IT IT
Vendor Threat Intelligence
Gathering data
Verdict:
Malicious
Score:
96.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69ccfc6a6363ca5d27f085d8
Tags:
virus worm
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
repaired
Link:
https://www.filescan.io/uploads/69cd238d972c219c8d750f48/reports/b17c708c-b7c3-4a7f-b283-f338148c28af/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/158091ec92a3a91d7d2d29e6b867d47479d624bcae5f067cc80af4eff91c9729
Verdict:
Malicious
File Type:
unix shell
First seen:
2026-04-01T08:37:00Z UTC
Last seen:
2026-04-02T09:26:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/158091ec92a3a91d7d2d29e6b867d47479d624bcae5f067cc80af4eff91c9729/results?tab=lookup
Score:
2%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/158091ec92a3a91d7d2d29e6b867d47479d624bcae5f067cc80af4eff91c9729
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/158091ec92a3a91d7d2d29e6b867d47479d624bcae5f067cc80af4eff91c9729/
Threat name:
Script-JS.Worm.SupplyChain
Create hunting rule
Status:
Malicious
First seen:
2026-03-20 23:28:31 UTC
File Type:
Text (JavaScript)
AV detection:
11 of 36 (30.56%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cwajd3esuour27jnfhtlqz6uor45mjf4vzpqm7gibl2o76i4s4uq._file
Result
Malware family:
n/a
Score:
  4/10
Tags:
antivm discovery execution linux
Link:
https://tria.ge/reports/260401-q7pz1af18x/
Behaviour
Command and Scripting Interpreter: JavaScript
Enumerates kernel/hardware configuration
Reads runtime system information
Checks CPU configuration
Reads CPU attributes
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.60
Link:
https://yomi.yoroi.company/submissions/158091ec92a3a91d7d2d29e6b867d47479d624bcae5f067cc80af4eff91c9729

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments