MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 898577462fa7aab7e8e185c3266d7562954578e3bceaa11e694ce45f0434c347. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 898577462fa7aab7e8e185c3266d7562954578e3bceaa11e694ce45f0434c347
SHA3-384 hash: 6c79191379333c181f1eda56fd8eae0f670fa48b9914abfc9ff61d6db45b414bc0b82e98ca3e0c373ffe4c566bc17ee8
SHA1 hash: 7916e84f21a8e40adab2406b0cb702f1a56754e7
MD5 hash: c8f99acf01c1c911bb63a1bdf1efe7a6
humanhash: oscar-beer-ohio-colorado
File name:PLAĆANJE_68756.js
Download: download sample
Signature Formbook
Create hunting rule
File size:1'285'202 bytes
First seen:2026-01-16 16:34:08 UTC
Last seen:Never
File type:Java Script (JS) js
MIME type:text/plain
ssdeep 96:clCguvD0oyFbHGvQnvh/jUcjTy8xc9LhaQ7sbIaWlgrlrtvBIVRIL0jLt9P0UPVJ:mje
Threatray 2'572 similar samples on MalwareBazaar
TLSH T13E558B15B0C96E424A7E2726E439274B8D0E88935CC7684FF173EAD7226D67A83FF015
Magika javascript
Reporter abuse_ch
Tags:FormBook js

Intelligence

File Origin
# of uploads :
1
# of downloads :
115
Origin country :
SE SE
Vendor Threat Intelligence
No detections
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=696a68a757243ef151cd9a26
Tags:
n/a
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-vm base64 base64 fingerprint obfuscated obfuscated overlay powershell repaired
Link:
https://www.filescan.io/uploads/696a68963dd9d20950575338/reports/5e6df837-2895-4620-9a55-2f182828ef91/overview
Verdict:
Malicious
Labled as:
JS/Agent.DGD7
Link:
https://www.hybrid-analysis.com/sample/898577462fa7aab7e8e185c3266d7562954578e3bceaa11e694ce45f0434c347
Verdict:
Malicious
File Type:
js
First seen:
2026-01-16T01:35:00Z UTC
Last seen:
2026-01-18T14:06:00Z UTC
Hits:
~1000
Detections:
Trojan.JS.SAgent.sb HEUR:Trojan.Script.Generic Trojan-Downloader.MSIL.Seraph.d Trojan-Downloader.MSIL.Agent.c Trojan.MSIL.Crypt.sb
Link:
https://opentip.kaspersky.com/898577462fa7aab7e8e185c3266d7562954578e3bceaa11e694ce45f0434c347/results?tab=lookup
Result
Threat name:
n/a
Detection:
malicious
Classification:
expl.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1852190
Signature
.NET source code contains potential unpacker
Antivirus detection for URL or domain
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Creates processes via WMI
JavaScript source code contains functionality to generate code involving a shell, file or stream
Joe Sandbox ML detected suspicious sample
Malicious sample detected (through community Yara rule)
Sigma detected: Base64 Encoded PowerShell Command Detected
Sigma detected: Potential PowerShell Obfuscation Via Reversed Commands
Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
Sigma detected: PowerShell Base64 Encoded Reflective Assembly Load
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Suspicious powershell command line found
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Wscript starts Powershell (via cmd or directly)
Yara detected Powershell decode and execute
Yara detected Powershell download and execute
Behaviour
Behavior Graph:
Download SVG
Score:
6%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/898577462fa7aab7e8e185c3266d7562954578e3bceaa11e694ce45f0434c347
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/898577462fa7aab7e8e185c3266d7562954578e3bceaa11e694ce45f0434c347/
Verdict:
Malicious
Threat:
Family.REVERSELOADER
Link:
https://tip.neiki.dev/file/898577462fa7aab7e8e185c3266d7562954578e3bceaa11e694ce45f0434c347
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-01-16 13:11:27 UTC
File Type:
Binary
AV detection:
5 of 24 (20.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rgcxorrpu6vlp2hbqxbsm3lvmkkuk6hdxtvkchtjjtsf6bbuyndq._file
Verdict:
malicious
Label(s):
formbook
Create hunting rule
Similar samples:
2d69b310e05770207e0dfbc31f64586a5edefe9fa24ec1c66bada9d50a2f5d05
Formbook
37885dcfeb80c2b05f10cea621f603e64e8530b67ec2180d4d2b1e52ae38d6ae
Formbook
533da1872324407ac2f8ccee9315fd3848b9407fdb921236f9a350e0294795e7
Formbook
5c14e62176fe6f93827864b3359fc15f2f36a5d88cbab42799a9494f38137139
Formbook
68d22e4c9a51915c544363615ed5aeb6e1a1c910367c16de46cde01d89953674
Formbook
9f9a7fd9f0d602ab0170d36da2e78425d9b469c691bf45dbf66e490d39b4790a
Formbook
ab8f034b89a3f3f3c7a77d3e5824fd4e4deb9734aa650cc78b0c3001e93a2a48
Formbook
b7bb8b7264e4deecc1009400a76c2b8aa1e6c7d972f7908d9b0ab79cb6d788a1
Formbook
eb5c7c6370d533e6675ef2fb8b5f3f10cabc36584ddd3d3ad026af5266e84ed7
Formbook
error
Formbook
f9430e6f7fd4b2b62103cefb6766ce04b07e1be79b24ee7cdab934b913388335
Formbook
+ 2'562 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
execution
Link:
https://tria.ge/reports/260116-t3dmysav4e/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Command and Scripting Interpreter: JavaScript
Badlisted process makes network request
Command and Scripting Interpreter: PowerShell
Process spawned unexpected child process
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.55
Link:
https://yomi.yoroi.company/submissions/898577462fa7aab7e8e185c3266d7562954578e3bceaa11e694ce45f0434c347

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments