MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 17f372ea1ed18ea77a4d9af0e0c2faca2beacc1783c6147aa2d4a4fa2f6c9930. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 17f372ea1ed18ea77a4d9af0e0c2faca2beacc1783c6147aa2d4a4fa2f6c9930
SHA3-384 hash: 7bdd1931470948041e2749edfe06ce360ccd2a75a3a9cf06c5cac805b11b74d971a74284135a3f901a73ef579c2148b2
SHA1 hash: 09beadce42f3a2ab0b4aae5393e53bcd04be3ecc
MD5 hash: 94004c1f27bdcc9d151c012f7509a053
humanhash: nevada-freddie-delaware-seven
File name:tooltipster.bundle.min.js
Download: download sample
File size:32'042 bytes
First seen:2023-09-13 22:42:35 UTC
Last seen:Never
File type:Java Script (JS) js
MIME type:text/plain
ssdeep 768:h9f12cCAohRZ7Nygwi0xWOxzuWmDZ/JP6KPCDA2ZmnhSrJZ0b0+hu/zU1M4dsoCw:zQnZT0jSWmDB3iwbDldwNOAHi
TLSH T19CE2B742B7C038D84AC797E2771BB0E9E4AF14673C989C9AF151BC909ED4618E7E9D30
Reporter vovaan
Tags:js MageCart obfuscated sniffer


Avatar
vovaan
https://www.virustotal.com/gui/file/17f372ea1ed18ea77a4d9af0e0c2faca2beacc1783c6147aa2d4a4fa2f6c9930

Intelligence

File Origin
# of uploads :
1
# of downloads :
331
Origin country :
CH CH
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.JS.CardStealer-DS.16513.267.UNOFFICIAL
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
masquerade
Link:
https://www.filescan.io/uploads/65023af7829c3479a05e77f2/reports/907922ec-16c1-4cf2-bc38-5f7bdfb2b8f7/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/17f372ea1ed18ea77a4d9af0e0c2faca2beacc1783c6147aa2d4a4fa2f6c9930
Result
Verdict:
MALICIOUS
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1307827
Signature
Antivirus detection for URL or domain
Potential obfuscated javascript found
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/17f372ea1ed18ea77a4d9af0e0c2faca2beacc1783c6147aa2d4a4fa2f6c9930/
Threat name:
Script-JS.Trojan.CardStealer
Create hunting rule
Status:
Malicious
First seen:
2023-09-13 22:43:05 UTC
File Type:
Text (JavaScript)
AV detection:
4 of 38 (10.53%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=c7zxf2q62ghko6sntlyobqx2ziv6vtaxqpdbi6vc2sspul3mteya._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/230913-2m8gdsaa43/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/17f372ea1ed18ea77a4d9af0e0c2faca2beacc1783c6147aa2d4a4fa2f6c9930

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Java Script (JS) js 17f372ea1ed18ea77a4d9af0e0c2faca2beacc1783c6147aa2d4a4fa2f6c9930

(this sample)

  
Link
https://www.criminalaffair.com/wp-admin/admin-ajax.php
  
Dropped by
MageCart
  
Delivery method
Distributed via web download

Comments