MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 764892433fc11dc14ec10608d16131c178f7750b4fc9f8075a94d3824687162f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 764892433fc11dc14ec10608d16131c178f7750b4fc9f8075a94d3824687162f
SHA3-384 hash: d49396b241909e021f9371c5f88184dd730d504b6d7fa609ceef0b517a7340391c7426e5037bc51e5981e75020a06675
SHA1 hash: ffb5a51e69b1b9a8e16c8de53b2b846aadebdd69
MD5 hash: 3bc9dd6238d9b52c47492ad93bc8b5c9
humanhash: sodium-september-mexico-island
File name:PO09352648.js
Download: download sample
File size:1'164'592 bytes
First seen:2026-02-01 07:40:34 UTC
Last seen:Never
File type:Java Script (JS) js
MIME type:text/plain
ssdeep 192:xIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIR:bx
Threatray 465 similar samples on MalwareBazaar
TLSH T15E4511FB9DF7C0AF01F37200CB54A8D1CA5318FB7BA8AD01B2199790F1BA4149329676
Magika javascript
Reporter abuse_ch
Tags:js

Intelligence

File Origin
# of uploads :
1
# of downloads :
105
Origin country :
SE SE
Vendor Threat Intelligence
Gathering data
Verdict:
Malicious
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=697f0387848d0f834c8c5849
Tags:
ransomware obfuscate xtreme
Verdict:
Malicious
Labled as:
JS/Agent.DNO
Link:
https://www.hybrid-analysis.com/sample/764892433fc11dc14ec10608d16131c178f7750b4fc9f8075a94d3824687162f
Verdict:
Malicious
File Type:
js
First seen:
2026-01-31T05:43:00Z UTC
Last seen:
2026-02-02T06:19:00Z UTC
Hits:
~100
Detections:
Trojan-Downloader.JS.SLoad.sb HEUR:Trojan-Downloader.Script.Generic
Link:
https://opentip.kaspersky.com/764892433fc11dc14ec10608d16131c178f7750b4fc9f8075a94d3824687162f/results?tab=lookup
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/1861148
Signature
Antivirus detection for URL or domain
JScript performs obfuscated calls to suspicious functions
Sigma detected: Script Initiated Connection to Non-Local Network
Sigma detected: WScript or CScript Dropper
System process connects to network (likely due to code injection or exploit)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Yara detected Generic JS Downloader
Behaviour
Behavior Graph:
Download SVG
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/764892433fc11dc14ec10608d16131c178f7750b4fc9f8075a94d3824687162f
Verdict:
inconclusive
YARA:
1 match(es)
Link:
https://app.malva.re/file/3bc9dd6238d9b52c47492ad93bc8b5c9
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/764892433fc11dc14ec10608d16131c178f7750b4fc9f8075a94d3824687162f/
Verdict:
Malicious
Threat:
Family.REVERSELOADER
Link:
https://tip.neiki.dev/file/764892433fc11dc14ec10608d16131c178f7750b4fc9f8075a94d3824687162f
Threat name:
Win32.Trojan.Leonem
Create hunting rule
Status:
Malicious
First seen:
2026-01-31 13:09:05 UTC
File Type:
Binary
AV detection:
5 of 24 (20.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ozejeqz7yeo4ctwbayencyjryf4po5ilj7e7qb22stjyeruhcyxq._file
Verdict:
malicious
Label(s):
phantomstealer
Create hunting rule
Similar samples:
071a363ec38e71da9d074123c50ea594969d28878da8e754a6b6f7684940e809
17ced68461c9666597e1de5d3a69a219ada895e35c382eae83bd3a41918cad78
414557952c390312ea3cafa3cd3c069ff072c40840277921391565b79c800456
8848e239974fd64817049eb47c0fe8075b14a54e02cd5c83362589648c9b2c09
8d950928f9492e19a346689b43c077047d1ca80211714ab9adebd300f8bd1c11
9e54fdaa81f24b388c0b4e7defc9fb0f2d1bcaf2bab5b806e879e1ac9d19deaf
a65762b80a0786fc118a3ac10cc3d3cad0b3772694e85945ef03d8adf8fefc8b
b7bb8b7264e4deecc1009400a76c2b8aa1e6c7d972f7908d9b0ab79cb6d788a1
dbbb1c1ad17996d18e3e28537e0188b204657e87b8cb495e05bdb36c75cae466
error
+ 455 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
execution
Link:
https://tria.ge/reports/260201-jhwb6ady6g/
Behaviour
Command and Scripting Interpreter: JavaScript
Badlisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.81
Link:
https://yomi.yoroi.company/submissions/764892433fc11dc14ec10608d16131c178f7750b4fc9f8075a94d3824687162f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments