MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5d2a2c2695bc838b3d43c8d300427111005186f6e9dfee24bf8a8136e705bcd5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 10

Intelligence 10 IOCs YARA 1 File information Comments

SHA256 hash:	5d2a2c2695bc838b3d43c8d300427111005186f6e9dfee24bf8a8136e705bcd5
SHA3-384 hash:	f8d9bfd6997a5035fb2b7ddb0b99c03373ad6622ac5795bae05fb23c33f92bf2c7688942342ccfbc4d52a3cb346a28a7
SHA1 hash:	eb5130cc5cd847568a1bdf23d917734e025ecc53
MD5 hash:	0ba251b9e0ca0d93954abbaaa9365590
humanhash:	helium-five-texas-arkansas
File name:	PO-000806758_Bita_Supply_pdf.js
Download:	download sample
File size:	1'076'938 bytes
First seen:	2026-05-19 12:14:39 UTC
Last seen:	2026-05-20 05:56:08 UTC
File type:	js
MIME type:	text/plain
ssdeep	12288:aFMY0Prb+UcJajWZSO9low60/l+qvgBf9JxEczh9vEj:aFMY0SajWZSeYjPHPvW
Threatray	37 similar samples on MalwareBazaar
TLSH	T155351029DBE90319F5F38BD0BDB44452A83EFF66291DC95C1190068D0672A0DE9B9B3F
TrID	66.6% (.TXT) Text - UTF-16 (LE) encoded (2000/1) 33.3% (.MP3) MP3 audio (1000/1)
Magika	javascript
Reporter	JAMESWT_WT
Tags:	51-89-204-80 js solar-sanat-net Spam-ITA

Intelligence

File Origin

# of uploads :

# of downloads :

127

Origin country :

Vendor Threat Intelligence

No detections

Detection(s):

SecuriteInfo.com.JS.Starter.164.27114.30599.UNOFFICIAL

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6a0c54714159ce11f6014f44

Tags:

n/a

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

base64 encrypted masquerade obfuscated repaired

Link:

https://www.filescan.io/uploads/6a0c5471efbd399b39bace9a/reports/a722de61-09fa-4372-b6d8-94f75d84b354/overview

Verdict:

Malicious

Labled as:

Generik.CMEWSMK trojan

Link:

https://www.hybrid-analysis.com/sample/5d2a2c2695bc838b3d43c8d300427111005186f6e9dfee24bf8a8136e705bcd5

Verdict:

Malicious

File Type:

First seen:

2026-05-18T06:37:00Z UTC

Last seen:

2026-05-21T10:45:00Z UTC

Hits:

~1000

Detections:

HEUR:Trojan.Script.Generic

Link:

https://opentip.kaspersky.com/5d2a2c2695bc838b3d43c8d300427111005186f6e9dfee24bf8a8136e705bcd5/results?tab=lookup

Score:

64%

Verdict:

Susipicious

File Type:

SCRIPT

Link:

https://malprob.io/report/5d2a2c2695bc838b3d43c8d300427111005186f6e9dfee24bf8a8136e705bcd5

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5d2a2c2695bc838b3d43c8d300427111005186f6e9dfee24bf8a8136e705bcd5/

Verdict:

Malicious

Threat:

Trojan.Script

Link:

https://tip.neiki.dev/file/5d2a2c2695bc838b3d43c8d300427111005186f6e9dfee24bf8a8136e705bcd5

Threat name:

Script-JS.Trojan.Malgent

Status:

Malicious

First seen:

2026-05-18 13:22:28 UTC

File Type:

Text (JavaScript)

AV detection:

11 of 24 (45.83%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=luvcyjuvxsbywpkdzdjqaqtrceafdbxw5hp64jf7rkatnzyfxtkq._file

Verdict:

malicious

Label(s):

purecrypter

stubrunner

358346be7566fc2ffb13141eabc5af270a9e0e8f71fa99aebc6a5b5d6281a101

3defedb00eacf41a0ada69c1382f13a694c762281c62dcd6eb7a149f311723cc

500592a2cfd2536eeac2bd102bd56bb2c5f5fb4aff3c15239c6b9b8113c5f2d7

9b6b53ffc24cf8ca9350321c1b073a7ff034eca45020453af607be0d455d47dd

9d34b9747ceb4a2a40f23df7e3f91fa3a96cac6f1931cdb2081ca5b84a81c6cc

d218c6a408aac1ed96d166aa142c4535726af2767bbf473859df0e1091b9be81

dbcf961fa63cec5fc675bd20be2b3ebe3a71d2fcd11a4e0aacb1e991de9c184f

e62b4c831554c333c470bbbdefc269d87c23c86f5e8c975b16b76deb27e0a7e6

error

+ 27 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

collection discovery execution persistence

Link:

https://tria.ge/reports/260519-persfsbx3z/

Behaviour

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

outlook_office_path

outlook_win_path

Browser Information Discovery

Command and Scripting Interpreter: JavaScript

Command and Scripting Interpreter: PowerShell

Enumerates physical storage devices

System Time Discovery

Drops file in Windows directory

Accesses Microsoft Outlook profiles

Checks computer location settings

Registers new Windows logon scripts automatically executed at logon.

Badlisted process makes network request

Downloads MZ/PE file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/5d2a2c2695bc838b3d43c8d300427111005186f6e9dfee24bf8a8136e705bcd5

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	telebot_framework Create hunting rule
Author:	vietdx.mb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample