MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2927bd11ed8d3fbadf7cb3960edf1cd30d1cf515853cb9c0fcad42fabce745d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 9



SHA256 hash: 2927bd11ed8d3fbadf7cb3960edf1cd30d1cf515853cb9c0fcad42fabce745d8
SHA3-384 hash: 92d6af5bd3fec04383d735b64b06001d66d430db9bf097992719dc2dec85f7cda35e031da8255e8fd2eb4f19dcfb350f
SHA1 hash: a45730bc3a7c4204abbb64630c0662ccd2966fe8
MD5 hash: 7760960d1284c167174465e92da4b9b8
humanhash: five-neptune-delaware-dakota
File name: license.js
File size: 67'143 bytes
First seen: 2026-04-01 17:22:45 UTC
Last seen: Never
File type: Java Script (JS) js
MIME type: text/plain
ssdeep: 768:2RYalP2VEv0Vty22/etfhcdagg9dvrZJoFqQ:2GRVCgy22Kfud4dDAV
TLSH: T1056342DF3FE1989232D4770359E71A2179000CAD75FAEC904C0EE6BA9AC3E11B559DA3
Magika: javascript
Reporter: JAMESWT_WT
Tags: js NKFZ5966PURCHASE

Intelligence


File Origin
# of uploads: 1
# of downloads: 106
Origin country: IT
Vendor Threat Intelligence
Verdict: Malicious
Score: 96.5%
Tags: ransomware extens xtreme
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-vm base64 fingerprint repaired
Verdict: Malicious
Labelled as: SVM:TrojanDownloader/JS.MalBehav.gen
Verdict: Malicious
File Type: js
First seen: 2026-03-29T22:10:00Z UTC
Last seen: 2026-04-03T15:40:00Z UTC
Hits: ~10000
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2026-03-30 01:14:16 UTC
File Type: Text (JavaScript)
AV detection: 9 of 36 (25.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: defense_evasion execution persistence
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
Suspicious use of SetThreadContext
Adds Run key to start application
Obfuscated Files or Information: Command Obfuscation
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Badlisted process makes network request
Command and Scripting Interpreter: PowerShell
Suspicious use of NtCreateUserProcessOtherParentProcess
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
