MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 16f331e6c7c5ec95bdd763d83516bb540e84aa165416a63861c9b3dd523a1905. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	16f331e6c7c5ec95bdd763d83516bb540e84aa165416a63861c9b3dd523a1905
SHA3-384 hash:	5b4ce11f5d41506b1f8ff9be90a2475978f7883587039e5fbafec64bb9b65a9361e29356478145804e9f8420e0d49fc0
SHA1 hash:	73b58faf19cf7ab24890d402dd0845fb86a06150
MD5 hash:	74bd0ec6cfda518912e048ca3069e5ae
humanhash:	floor-butter-vegan-potato
File name:	payment.js
Download:	download sample
File size:	1'177'671 bytes
First seen:	2026-02-16 15:08:09 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	96:XjTzuYI0Ukx15UyNIGQlabcvxxhZ8z2z20Wo303vnWwLRGXNwMVu0HOTGe9D6IYi:XjXuYL9H7wmiB248KejtSDC
Threatray	418 similar samples on MalwareBazaar
TLSH	T1D845127C52639CDA0DDA78758ED476CCE7109B23E0FF4EA17884CDA6929035C84F8B99
Magika	javascript
Reporter	James_inthe_box
Tags:	exe js

Intelligence

File Origin

# of uploads :

1

# of downloads :

120

Origin country :

US

Vendor Threat Intelligence

No detections

Detection(s):

SecuriteInfo.com.JS.Agent.DGD7.tr.4167.1200.UNOFFICIAL

Verdict:

Malicious

Score:

95.7%

Link:

https://cyber-fortress.com/docs/result/index.php?id=699332e20d0369ff9979e8a2

Tags:

obfuscate xtreme virus

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-vm base64 base64 fingerprint masquerade obfuscated obfuscated opendir overlay powershell repaired

Link:

https://www.filescan.io/uploads/699332df981ff1d38a57ab69/reports/261e4f6a-eafd-4c97-bd0a-e47f19ffea5d/overview

Verdict:

Malicious

Labled as:

JS/Agent.DGD7

Link:

https://www.hybrid-analysis.com/sample/16f331e6c7c5ec95bdd763d83516bb540e84aa165416a63861c9b3dd523a1905

Verdict:

Malicious

File Type:

js

Detections:

Trojan.JS.SAgent.sb HEUR:Trojan.Script.Generic

Link:

https://opentip.kaspersky.com/16f331e6c7c5ec95bdd763d83516bb540e84aa165416a63861c9b3dd523a1905/results?tab=lookup

Score:

7%

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/16f331e6c7c5ec95bdd763d83516bb540e84aa165416a63861c9b3dd523a1905

Verdict:

inconclusive

YARA:

1 match(es)

Link:

https://app.malva.re/file/74bd0ec6cfda518912e048ca3069e5ae

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/16f331e6c7c5ec95bdd763d83516bb540e84aa165416a63861c9b3dd523a1905/

Verdict:

Malicious

Threat:

Family.REVERSELOADER

Link:

https://tip.neiki.dev/file/16f331e6c7c5ec95bdd763d83516bb540e84aa165416a63861c9b3dd523a1905

Threat name:

Win32.Trojan.Znyonm

Status:

Malicious

First seen:

2026-02-16 11:18:52 UTC

AV detection:

7 of 24 (29.17%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=c3ztdzwhyxwjlpoxmpmdkfv3kqhijkqwkqlkmodbzgz52ur2decq._file

Verdict:

malicious

Label(s):

phantomstealer

Similar samples:

071a363ec38e71da9d074123c50ea594969d28878da8e754a6b6f7684940e809

17ced68461c9666597e1de5d3a69a219ada895e35c382eae83bd3a41918cad78

1e1a5e570fcc7175e7bf0cff282be1dfb5de613eb19d0a47d666c429ab7668b5

3e24bc53a54d730bc18f29a09e5bcbca55fa332d67a983a62bb39b12b4514f62

414557952c390312ea3cafa3cd3c069ff072c40840277921391565b79c800456

764892433fc11dc14ec10608d16131c178f7750b4fc9f8075a94d3824687162f

8f1056c686af9c05496ab2840c9751dab3e23a5d004b4793e62302fc0da5a821

c612385efecaca9ec7446fdc629d871a12fbcfca9ed45c653faf20361d3105c5

dbbb1c1ad17996d18e3e28537e0188b204657e87b8cb495e05bdb36c75cae466

+ 408 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

10/10

Tags:

execution

Link:

https://tria.ge/reports/260216-sh1fjsay4f/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Command and Scripting Interpreter: JavaScript

Badlisted process makes network request

Command and Scripting Interpreter: PowerShell

Process spawned unexpected child process

Malware Config

Dropper Extraction:

https://ia600603.us.archive.org/13/items/msi-pro-with-b-64_202602/MSI_PRO_with_b64.png

Malware family:

PhantomStealer

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/16f331e6c7c5/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.55

Link:

https://yomi.yoroi.company/submissions/16f331e6c7c5ec95bdd763d83516bb540e84aa165416a63861c9b3dd523a1905

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample