MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 73389bd12ebb6a2152c636bed8b9d0538d6f4ee042033c9b51d991fe8cf73a58. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	73389bd12ebb6a2152c636bed8b9d0538d6f4ee042033c9b51d991fe8cf73a58
SHA3-384 hash:	7f0c32f2ade5245f978690e168202e0d3b68be5f3ae802b2d242055c2ea7727d63e05b9dd93ca869b7646f8f85a441b9
SHA1 hash:	44d1c7181bc87559e2cd72c7139772868881e929
MD5 hash:	65ac45e1ae194b6525c04cfe6e55b50c
humanhash:	three-zebra-oxygen-zebra
File name:	65ac45e1ae194b6525c04cfe6e55b50c.js
Download:	download sample
File size:	1'143'973 bytes
First seen:	2026-03-18 09:45:48 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	48:vZDeL6DpHWtXClgf5g1PBHNlObLBxjBc/TBxTl5N/wlN/wCR/wmnunIuxlBr5fui:SdlIVqrMTQEZNFObSPPpeYJLpS8
TLSH	T142350AF7CD05E5A56589E0CCE8C731A9AE08582FFA031CAB76D2879D84C337C99F9164
Magika	javascript
Reporter	abuse_ch
Tags:	js

Intelligence

File Origin

# of uploads :

# of downloads :

111

Origin country :

Vendor Threat Intelligence

No detections

Verdict:

Clean

Score:

82.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69ba74af93b644ca466b3edc

Tags:

n/a

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-vm base64 evasive fingerprint formbook obfuscated obfuscated powershell repaired

Link:

https://www.filescan.io/uploads/69ba7480493cb7d62d03fa5c/reports/5bb2b4e2-48dd-4611-88a3-0aec80ccab04/overview

Verdict:

Malicious

Labled as:

Trojan.Generic

Link:

https://www.hybrid-analysis.com/sample/73389bd12ebb6a2152c636bed8b9d0538d6f4ee042033c9b51d991fe8cf73a58

Verdict:

Malicious

File Type:

Detections:

Trojan.JS.SAgent.sb HEUR:Trojan.Script.SAgent.gen HEUR:Trojan.Script.Generic

Link:

https://opentip.kaspersky.com/73389bd12ebb6a2152c636bed8b9d0538d6f4ee042033c9b51d991fe8cf73a58/results?tab=lookup

Result

Threat name:

n/a

Detection:

malicious

Classification:

expl.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1885492

Signature

Antivirus detection for URL or domain

Creates processes via WMI

JavaScript source code contains functionality to generate code involving a shell, file or stream

Joe Sandbox ML detected suspicious sample

Loading BitLocker PowerShell Module

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Sigma detected: PowerShell Base64 Encoded IEX Cmdlet

Sigma detected: WScript or CScript Dropper

Suspicious execution chain found

Suspicious powershell command line found

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Wscript starts Powershell (via cmd or directly)

Yara detected Powershell download and execute

Behaviour

Behavior Graph:

Download SVG

Score:

32%

Verdict:

Susipicious

File Type:

SCRIPT

Link:

https://malprob.io/report/73389bd12ebb6a2152c636bed8b9d0538d6f4ee042033c9b51d991fe8cf73a58

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/73389bd12ebb6a2152c636bed8b9d0538d6f4ee042033c9b51d991fe8cf73a58/

Verdict:

Malicious

Threat:

Trojan.JS.SAgent

Link:

https://tip.neiki.dev/file/73389bd12ebb6a2152c636bed8b9d0538d6f4ee042033c9b51d991fe8cf73a58

Threat name:

Script-JS.Trojan.Generic

Status:

Suspicious

First seen:

2026-03-16 13:58:06 UTC

File Type:

Binary

AV detection:

8 of 36 (22.22%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=om4jxujoxnvccuwgg27nrooqkogw6txaiibtzg2r3gi75dhxhjma._file

Result

Malware family:

n/a

Score:

10/10

Tags:

execution

Link:

https://tria.ge/reports/260318-lryvrafv21/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Command and Scripting Interpreter: JavaScript

Badlisted process makes network request

Command and Scripting Interpreter: PowerShell

Process spawned unexpected child process

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.55

Link:

https://yomi.yoroi.company/submissions/73389bd12ebb6a2152c636bed8b9d0538d6f4ee042033c9b51d991fe8cf73a58

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample