MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b0e20b5136c9d7ee37bb7c9e044e46f4a29049038ec3543156c1e84c7bd6f062. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 9



SHA256 hash: b0e20b5136c9d7ee37bb7c9e044e46f4a29049038ec3543156c1e84c7bd6f062
SHA3-384 hash: 6ec07f7e7c9f4b64616cc06806acefe12aa722237a2a07b0553520b8c05ee31b9370e4dcc5ceac36394e5d87790b5e25
SHA1 hash: b4768ba940646c24089ffc39be4302422953f085
MD5 hash: 1407a9f096d7c135b546d53c6c263c2b
humanhash: solar-music-friend-aspen
File name: 3license.js
File size: 67'894 bytes
First seen: 2026-04-01 17:25:30 UTC
Last seen: Never
File type: Java Script (JS) js
MIME type: text/plain
ssdeep: 1536:9DY1W7hRgiED0sUPoFm7942OkRWvEzu++xXXzNeN7IwIoCgy22Kfud4dDAV:9DY1W7hRgiED0sUPoFm7942OkRWvEzuh
TLSH: T1E06332F0CEDD44D415C37C08A9EE627F7847E082B818376ADC8A56BEE24C65907D93B6
Magika: javascript
Reporter: JAMESWT_WT
Tags: js NKFZ5966PURCHASE

Intelligence


File Origin
# of uploads: 1
# of downloads: 111
Origin country: IT
Vendor Threat Intelligence
Verdict: Malicious
Score: 94.9%
Tags: ransomware extens xtreme

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-vm base64 divergent fingerprint repaired

Verdict: Malicious
File Type: js
First seen: 2026-03-29T21:51:00Z UTC
Last seen: 2026-04-01T13:47:00Z UTC
Hits: ~1000

Threat name: Win32.Trojan.Divergent
Status: Malicious
First seen: 2026-03-30 00:57:52 UTC
File Type: Text (JavaScript)
AV detection: 11 of 36 (30.56%)
Threat level: 5/5

Result
Malware family: n/a
Score: 10/10
Tags: defense_evasion execution persistence
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
Suspicious use of SetThreadContext
Adds Run key to start application
Obfuscated Files or Information: Command Obfuscation
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Badlisted process makes network request
Command and Scripting Interpreter: PowerShell
Suspicious use of NtCreateUserProcessOtherParentProcess
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
