MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 95f0470e625287d1bb15c7f7ddfac3f5b6799c003d5e826ba182f9558a656620. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SilentStealer

Vendor detections: 6

Intelligence 6 IOCs YARA 1 File information Comments

SHA256 hash:	95f0470e625287d1bb15c7f7ddfac3f5b6799c003d5e826ba182f9558a656620
SHA3-384 hash:	c8276216a99ff77859669f6cc1bb5dfc1319b298646354da72da4d020127cc8632638b828036ee58336ac77d875a17d9
SHA1 hash:	6bc8cb0be6b00d91b3ef9e8fcff117f4ee8c8bd9
MD5 hash:	96a98da0780d0d88936543ebcab74c73
humanhash:	florida-mobile-tango-chicken
File name:	crypted.js
Download:	download sample
Signature	SilentStealer Create hunting rule
File size:	2'586'185 bytes
First seen:	2025-12-11 21:51:35 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	24576:gyf0IyoJPqmlvhMxiQKnXK1HfoEi/h70NqTWbOwcwa+0DVxf/QHr06ZbkFkr60qu:gy3BZdsi+MTWK77i7dtk/sUai2oXy
TLSH	T183C52384AF4FADAC135CE1BB00FF5C6D50D14E4A5489E1E5F784E4E6E87F790862B2A0
Magika	javascript
Reporter	burger
Tags:	js payload SilentStealer

Intelligence

File Origin

# of uploads :

# of downloads :

117

Origin country :

Vendor Threat Intelligence

No detections

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=693b3d0fbde6a3e597107efd

Tags:

n/a

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

obfuscated repaired

Link:

https://www.filescan.io/uploads/693b3d0e1eac7b9b76a69785/reports/cf8765bc-b28e-4bda-9e1c-af310746c5c6/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/95f0470e625287d1bb15c7f7ddfac3f5b6799c003d5e826ba182f9558a656620

Verdict:

Clean

File Type:

Link:

https://opentip.kaspersky.com/95f0470e625287d1bb15c7f7ddfac3f5b6799c003d5e826ba182f9558a656620/results?tab=lookup

Result

Threat name:

n/a

Detection:

suspicious

Classification:

n/a

Score:

22 / 100

Link:

https://www.joesandbox.com/analysis/1831260

Signature

Sigma detected: WScript or CScript Dropper

Behaviour

Behavior Graph:

Download SVG

Score:

95%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/95f0470e625287d1bb15c7f7ddfac3f5b6799c003d5e826ba182f9558a656620

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/95f0470e625287d1bb15c7f7ddfac3f5b6799c003d5e826ba182f9558a656620/

Verdict:

Clean

Link:

https://tip.neiki.dev/file/95f0470e625287d1bb15c7f7ddfac3f5b6799c003d5e826ba182f9558a656620

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=sxyeodtckkd5doyvy73536wd6w3hthaahvpie25bql4vlctfmyqa._file

Result

Malware family:

n/a

Score:

3/10

Tags:

execution

Link:

https://tria.ge/reports/251211-1q6arsgm7y/

Behaviour

Command and Scripting Interpreter: JavaScript

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.90

Link:

https://yomi.yoroi.company/submissions/95f0470e625287d1bb15c7f7ddfac3f5b6799c003d5e826ba182f9558a656620

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries