MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 33f3ee11a5ee87c1e154b2f5fc4bd811a73327ebeb4ad20c901d1d29de3e0aca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 33f3ee11a5ee87c1e154b2f5fc4bd811a73327ebeb4ad20c901d1d29de3e0aca
SHA3-384 hash: 46bc853c053a5415515c2441d640f0369b752b8c175a7f06d4cbbcd06761e052f77f8cd86f991cae8f90706a14aaa751
SHA1 hash: 41626c4d80a14a7f99642eadd18f7b554f359675
MD5 hash: 85ab906918e1f45498898dcdcf093c13
humanhash: delta-mirror-coffee-network
File name:Paid537389462449.js
Download: download sample
File size:3'692 bytes
First seen:2025-07-03 21:12:39 UTC
Last seen:Never
File type:Java Script (JS) js
MIME type:text/plain
ssdeep 24:d1314jHdQElNqyjpZv1vg1p1Qq+hpCl6voMYIi8VU8rAOsVY1WOcX:mjnlgyTvOT8+Evop8/aOe
TLSH T12C71D20CAB713785F51210EFFCDCC7065D1C396DF32AECF2E16A69AF155044C6A24A96
Magika javascript
Reporter James_inthe_box
Tags:exe js

Intelligence

File Origin
# of uploads :
1
# of downloads :
21
Origin country :
US US
Vendor Threat Intelligence
Verdict:
Malicious
Score:
94.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6866f267c9eb974737660152
Tags:
obfuscate xtreme extens
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
obfuscated
Link:
https://www.filescan.io/uploads/6866f26b7423ff017c3f4260/reports/5e78c66f-ff84-416b-9ad3-593540612079/overview
Verdict:
Malicious
Labled as:
JS/TrojanDownloader.Agent
Link:
https://www.hybrid-analysis.com/sample/33f3ee11a5ee87c1e154b2f5fc4bd811a73327ebeb4ad20c901d1d29de3e0aca
Score:
54%
Verdict:
Susipicious
File Type:
SCRIPT
Link:
https://malprob.io/report/33f3ee11a5ee87c1e154b2f5fc4bd811a73327ebeb4ad20c901d1d29de3e0aca
Verdict:
inconclusive
YARA:
1 match(es)
Tags:
DeObfuscated Obfuscated T1059.005 VBScript
Link:
https://app.malva.re/file/85ab906918e1f45498898dcdcf093c13
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/33f3ee11a5ee87c1e154b2f5fc4bd811a73327ebeb4ad20c901d1d29de3e0aca/
Threat name:
Win32.Dropper.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-07-03 21:12:37 UTC
File Type:
Text (JavaScript)
AV detection:
4 of 38 (10.53%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gpz64enf52d4dykuwl27ys6ycgttgj7l5nfnedeqduostxr6blfa._file
Result
Malware family:
n/a
Score:
  10/10
Tags:
discovery execution
Link:
https://tria.ge/reports/250703-z2tknssvbw/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Checks computer location settings
Blocklisted process makes network request
Command and Scripting Interpreter: PowerShell
Malware Config
Dropper Extraction:
https://archive.org/download/universe-1733359315202-8750/universe-1733359315202-8750.jpg
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.08
Link:
https://yomi.yoroi.company/submissions/33f3ee11a5ee87c1e154b2f5fc4bd811a73327ebeb4ad20c901d1d29de3e0aca

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments