MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 89bfece0fa4499eb58fe0e112ef212e32fab31f1d14432eba8eb30dce89d1aba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 89bfece0fa4499eb58fe0e112ef212e32fab31f1d14432eba8eb30dce89d1aba
SHA3-384 hash: ba9089c4896e8b7fd7f28a432fef658bc08e798706a126b48f1ee54c231771910a57985483e5ffea06a46ba425ffef59
SHA1 hash: 6aba89bc0391d1ae04a2479ebbaf12d9f1af3499
MD5 hash: e8eeac1d79057adf62f728876f0fb6e1
humanhash: winner-mountain-arizona-lion
File name:2981425613_AWB Shiping Docs.JS
Download: download sample
File size:4'806'106 bytes
First seen:2026-05-12 20:42:40 UTC
Last seen:Never
File type:Java Script (JS) js
MIME type:text/plain
ssdeep 98304:xeLIbuCbEiwKthDtxYBcxjMcrf8efN9Qn40pY/C3mvGivQXs/i5lo91/qQSEjDn6:x33thZxSORFqn40pYK2LT1YEjzqFugae
TLSH T1E3268C2C236CD7D2B5E9D736C81EFAF09A2D98176D94FE0520698A5CC684F03339C59B
Magika javascript
Reporter Anonymous
Tags:js

Intelligence

File Origin
# of uploads :
1
# of downloads :
120
Origin country :
US US
Vendor Threat Intelligence
No detections
Detection(s):
Sanesecurity.Malware.31320.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
93.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a0390e7aa2b27a55c89c878
Tags:
autoit cobalt emotet
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug autoit dropper evasive fingerprint keylogger obfuscated reconnaissance repaired
Link:
https://www.filescan.io/uploads/6a0390ec2fcb905ec2926baa/reports/e67f99ae-6c19-4aae-8439-9b821849730b/overview
Verdict:
Suspicious
Labled as:
JS/Agent.ECX
Link:
https://www.hybrid-analysis.com/sample/89bfece0fa4499eb58fe0e112ef212e32fab31f1d14432eba8eb30dce89d1aba
Result
Gathering data
Verdict:
Malicious
File Type:
js
First seen:
2026-05-12T04:57:00Z UTC
Last seen:
2026-05-12T09:34:00Z UTC
Hits:
~100
Link:
https://opentip.kaspersky.com/89bfece0fa4499eb58fe0e112ef212e32fab31f1d14432eba8eb30dce89d1aba/results?tab=lookup
Gathering data
Detection:
remcos
Create hunting rule
Link:
https://mwdb.cert.pl/sample/89bfece0fa4499eb58fe0e112ef212e32fab31f1d14432eba8eb30dce89d1aba/
Verdict:
Malicious
Threat:
Trojan.Script.Obfus
Link:
https://tip.neiki.dev/file/89bfece0fa4499eb58fe0e112ef212e32fab31f1d14432eba8eb30dce89d1aba
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rg76zyh2ism6wwh6byis54qs4mx2wmpr2fcdf25i5mynz2e5dk5a._file
Result
Malware family:
remcos
Create hunting rule
Score:
  10/10
Tags:
family:donutloader family:remcos botnet:remotehost discovery execution loader rat
Link:
https://tria.ge/reports/260512-zhqpnsdx2q/
Behaviour
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
System Location Discovery: System Language Discovery
System Network Configuration Discovery: Internet Connection Discovery
Checks computer location settings
Executes dropped EXE
Detects DonutLoader
Family: DonutLoader
Family: Remcos
Malware Config
C2 Extraction:
103.83.87.8:1515
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/89bfece0fa4499eb58fe0e112ef212e32fab31f1d14432eba8eb30dce89d1aba

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments