MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 903724d189708db9d352e19fc50735fc012cd4ae7e4fa15b7bcfddd5e3bf416d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: 903724d189708db9d352e19fc50735fc012cd4ae7e4fa15b7bcfddd5e3bf416d
SHA3-384 hash: 186c476a73aab9cf65a4df92d8f478ad7f8036db491b5ddf063d1f7f7539f67d0847548d047bbbb2d6869ea56d6e0bce
SHA1 hash: fcc61d57597a4d87bf29bd025162d71e8d224b23
MD5 hash: d482abfbe90de012d454229a2f8d5415
humanhash: november-white-nineteen-social
File name: PROFORMA INV RAFEEQ TRADING #270427.002.txz
File size: 112'329 bytes
First seen: 2026-06-09 06:16:36 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep 3072:R1nuie+NlFK39HPLv9WSvrxnvXn8b13C/HRbHne6ZK:7uie+hK39HPLvMSvmb1OxbHJK
TLSH T10FB312F329C95D7A82B63B186D410EBA1E323D0EFC3E52F6DD2584C6D0F508B8B60664
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika rar
Reporter JAMESWT_WT
Tags: 80-66-84-51 rar sergiotrabuccocineasta-com Spam-ITA


JAMESWT_WT
hXXps://sergiotrabuccocineasta.com/3456789.exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 30
Origin country: IT
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: PROFORMA INV RAFEEQ TRADING #270427.js
File size: 801'684 bytes
SHA256 hash: ff6bc22eb4abe070bf83a80f53e42fffe709de1b58d54a5a31e27656001e46ae
MD5 hash: cd0e9c3553a4db320e04ce656956a0eb
MIME type: text/plain
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: base64 conhost exploit obfuscated powershell repaired

Verdict: Malicious
File Type: rar
First seen: 2026-06-09T03:30:00Z UTC
Last seen: 2026-06-09T10:47:00Z UTC
Hits: ~10
Gathering data
Result
Malware family: n/a
Score: 8/10
Tags: defense_evasion execution
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
Obfuscated Files or Information: Command Obfuscation
Checks computer location settings
Badlisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments