MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3529c06d0771eb00f68db35c2a65b95c6dbeaa5a3cf4ff3302d8dcfde84663c9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	3529c06d0771eb00f68db35c2a65b95c6dbeaa5a3cf4ff3302d8dcfde84663c9
SHA3-384 hash:	e03c442c588635961075fda2f0a9c60b079f020840de795ac6f32a26c850295d30f36e764c7f54db9eb159cf09ce162e
SHA1 hash:	4d58a167591e6ea13cef48a0bf4aa867cbec9343
MD5 hash:	1ae624e661a571f48f54e4afc2cad8d9
humanhash:	connecticut-emma-coffee-zulu
File name:	потвърждение на платежно нареждане 2784-571_pdf.js
Download:	download sample
File size:	4'214'872 bytes
First seen:	2025-12-10 22:33:29 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	384:173bzeOtTeUZaoiKPoJRR23OXpGdq7qrMrQ74k9hZepfCw5he:l
TLSH	T1DC161452373A5061D8E2C2D1DBFD4D035AAA8E5FD690100C774A5BDD2BF7AACB05822F
Magika	javascript
Reporter	Anonymous
Tags:	js

Intelligence

File Origin

# of uploads :

# of downloads :

106

Origin country :

Vendor Threat Intelligence

No detections

Verdict:

Malicious

Score:

90.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6939f568bde6a3e5971007a4

Tags:

obfuscate xtreme shell

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-vm base64 base64 fingerprint masquerade obfuscated obfuscated overlay powershell repaired

Link:

https://www.filescan.io/uploads/6939f5631eac7b9b76a4afe7/reports/e3531189-3ae7-4183-a5a2-2cf041b65d10/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/3529c06d0771eb00f68db35c2a65b95c6dbeaa5a3cf4ff3302d8dcfde84663c9

Verdict:

Malicious

File Type:

First seen:

2025-12-10T19:44:00Z UTC

Last seen:

2025-12-11T03:26:00Z UTC

Hits:

~10

Detections:

Trojan.JS.SAgent.sb HEUR:Trojan.Script.Generic

Link:

https://opentip.kaspersky.com/3529c06d0771eb00f68db35c2a65b95c6dbeaa5a3cf4ff3302d8dcfde84663c9/results?tab=lookup

Verdict:

inconclusive

YARA:

1 match(es)

Link:

https://app.malva.re/file/1ae624e661a571f48f54e4afc2cad8d9

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/3529c06d0771eb00f68db35c2a65b95c6dbeaa5a3cf4ff3302d8dcfde84663c9/

Verdict:

Malicious

Threat:

Trojan.JS.SAgent

Link:

https://tip.neiki.dev/file/3529c06d0771eb00f68db35c2a65b95c6dbeaa5a3cf4ff3302d8dcfde84663c9

Threat name:

Script-JS.Packed.Generic

Status:

Suspicious

First seen:

2025-12-10 22:31:28 UTC

File Type:

Binary

AV detection:

8 of 38 (21.05%)

Threat level:

1/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=guu4a3ihohvqb5unwnocuznzlrw35ks2ht2p6myc3dop32cgmpeq._file

Result

Malware family:

n/a

Score:

10/10

Tags:

execution

Link:

https://tria.ge/reports/251210-2g5tbasnhm/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Command and Scripting Interpreter: JavaScript

Badlisted process makes network request

Command and Scripting Interpreter: PowerShell

Process spawned unexpected child process

Malware Config

Dropper Extraction:

http://dn710107.ca.archive.org/0/items/msi-pro-with-b-64_20251208_1511/MSI_PRO_with_b64.png

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample