MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 acdcb9c983097692f5c05f1a374122c198cb6cb8f7901e34e08969db2a4e4f2a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	acdcb9c983097692f5c05f1a374122c198cb6cb8f7901e34e08969db2a4e4f2a
SHA3-384 hash:	c3b97803fa4e3681ec99696bbc21aba090b8928aabfaea1491e8ee19e133b824ec29fe3c847a5fd95d1a90e94d51e284
SHA1 hash:	e9ad59b7e17cab1ad193e520066bb0713b0f340c
MD5 hash:	0ca3c58baf873ff4d2b68bb9bf7ef226
humanhash:	jupiter-uncle-skylark-ten
File name:	Confirmacion de pago_6162026.js
Download:	download sample
File size:	3'764'928 bytes
First seen:	2026-06-16 16:03:40 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	98304:dGzU82cKb0dZ306JO94EktvF55tzj9FHtz8wpbv5jNliPzMZ25gxDks+I1tHFmaA:dGzFKb0dZ30664LPBTHtz8ebv5SMdxCr
TLSH	T1C106A3610394D632F3246B9D1679BD24640E588B58FAEB0135AED774323DC33A37A7E2
Magika	txt
Reporter	James_inthe_box
Tags:	exe js

Intelligence

File Origin

# of uploads :

# of downloads :

166

Origin country :

Vendor Threat Intelligence

No detections

Detection(s):

Sanesecurity.Malware.31320.UNOFFICIAL

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6a31741a54a045c34089b010

Tags:

n/a

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-debug dropper evasive obfuscated obfuscated packed repaired

Link:

https://www.filescan.io/uploads/6a3174161f652d686584478e/reports/aea50cfb-8177-4c80-9e4b-32fee28056f6/overview

Verdict:

Suspicious

Labled as:

JS/Agent.ECX

Link:

https://www.hybrid-analysis.com/sample/acdcb9c983097692f5c05f1a374122c198cb6cb8f7901e34e08969db2a4e4f2a

Verdict:

Malicious

File Type:

First seen:

2026-06-16T10:27:00Z UTC

Last seen:

2026-06-18T14:18:00Z UTC

Hits:

~1000

Detections:

PDM:Trojan.Win32.Generic HEUR:Trojan.Script.Generic HEUR:Trojan-Dropper.Script.Generic HEUR:Trojan-Downloader.Script.Generic Trojan-Downloader.JS.Cryptoload.sb

Link:

https://opentip.kaspersky.com/acdcb9c983097692f5c05f1a374122c198cb6cb8f7901e34e08969db2a4e4f2a/results?tab=lookup

Score:

98%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/acdcb9c983097692f5c05f1a374122c198cb6cb8f7901e34e08969db2a4e4f2a

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/acdcb9c983097692f5c05f1a374122c198cb6cb8f7901e34e08969db2a4e4f2a/

Verdict:

Malicious

Threat:

Trojan-Downloader.JS.Cryptoload

Link:

https://tip.neiki.dev/file/acdcb9c983097692f5c05f1a374122c198cb6cb8f7901e34e08969db2a4e4f2a

Threat name:

Script-JS.Trojan.Cryxos

Status:

Malicious

First seen:

2026-06-16 14:09:31 UTC

File Type:

Binary

AV detection:

13 of 24 (54.17%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=vtoltsmdbf3jf5oal4ndoqjcygmmw3fy66ib4nharfu5wksoj4va._file

Result

Malware family:

n/a

Score:

7/10

Tags:

discovery execution

Link:

https://tria.ge/reports/260616-th9vnaf19z/

Behaviour

Suspicious use of WriteProcessMemory

Command and Scripting Interpreter: JavaScript

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Suspicious use of NtSetInformationThreadHideFromDebugger

Checks computer location settings

Executes dropped EXE

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.70

Link:

https://yomi.yoroi.company/submissions/acdcb9c983097692f5c05f1a374122c198cb6cb8f7901e34e08969db2a4e4f2a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample