MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4578976de46dbd2fb5ee7ca6d20804d37af7db60f3dbabe1debf3a32526204f8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4578976de46dbd2fb5ee7ca6d20804d37af7db60f3dbabe1debf3a32526204f8
SHA3-384 hash: e41599e336e92582be9bb8201fafc95a8d2815808f0122101070c59f1cc80613b08ed4c97cb515f3ecdc68d796a6810e
SHA1 hash: c9fe0648b7a87404247a9cec7f0cc8612738b61f
MD5 hash: 5c90d7ec3d3397d17e8b1c84c7b9e9bf
humanhash: tennis-mirror-glucose-orange
File name:Browser_Update.zip
Download: download sample
File size:945 bytes
First seen:2024-11-06 04:43:43 UTC
Last seen:2024-11-06 06:58:14 UTC
File type: zip
MIME type:application/zip
ssdeep 12:5jRY7s8In71HP9NS+xQKdFRXZZdaJe1ssE1C6BcK10t8yStByMOyll4Vumayt:9iI8aR9NSC3HF8ULh6lnyzbMk
TLSH T1E51184A4650EEE46CE71041A020DF0948DBC405E13AD4A83347364DCB04A139FE5A511
Magika zip
Reporter 1ZRR4H
Tags:thegibson-co-za zip

Intelligence

File Origin
# of uploads :
2
# of downloads :
108
Origin country :
CL CL
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:Browser_Update.js
File size:2'323 bytes
SHA256 hash: 723ee07a427be89e187187bce486d73f14016646c7b4b6c32700d9630d57202c
MD5 hash: b5edbfb0c99400144732ca949bfb8e52
MIME type:text/plain
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Malware.JS.YAV.Minerva.gbnir.9028.17589.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=672af6bb8d23d904913411aa
Tags:
powershell stration shell spawn
Result
Verdict:
Malicious
File Type:
JS File - Malicious
Link:
https://app.docguard.net/4578976de46dbd2fb5ee7ca6d20804d37af7db60f3dbabe1debf3a32526204f8/results/dashboard
Payload URLs
URL
File name
https://thegibson.co.za/sendBeacon?uu=
JS File
Behaviour
BlacklistAPI detected
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
lolbin wscript
Link:
https://www.filescan.io/uploads/672af4135972ad6a8aac00c0/reports/12fb6fb1-1be9-49f0-bc62-ac6423302f9e/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/4578976de46dbd2fb5ee7ca6d20804d37af7db60f3dbabe1debf3a32526204f8
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/4578976de46dbd2fb5ee7ca6d20804d37af7db60f3dbabe1debf3a32526204f8
Score:
88%
Verdict:
Malware
File Type:
ARCHIVE
Link:
https://malprob.io/report/4578976de46dbd2fb5ee7ca6d20804d37af7db60f3dbabe1debf3a32526204f8
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4578976de46dbd2fb5ee7ca6d20804d37af7db60f3dbabe1debf3a32526204f8/
Threat name:
Script-JS.Backdoor.Calisto
Create hunting rule
Status:
Malicious
First seen:
2024-11-06 04:44:04 UTC
File Type:
Binary (Archive)
Extracted files:
1
AV detection:
3 of 38 (7.89%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=iv4jo3penw6s7npopstnecae2n5ppw3a6pn2xyo6x45deutcat4a._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
execution spyware stealer
Link:
https://tria.ge/reports/241106-hyserswgll/
Behaviour
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
Checks computer location settings
Reads user/profile data of web browsers
Blocklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments