MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b899673b927792615d4583738de9f4f07176d74c7591b38d58183c206dc0f127. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b899673b927792615d4583738de9f4f07176d74c7591b38d58183c206dc0f127
SHA3-384 hash: 53b064b8ddff2b4b84f42d79914e71ebc11bbbd6ae76975acf37b5312e94b792b7c6829137eb941a2cfb9fd00f69d7db
SHA1 hash: 325eba8d540c666d16dd50cc53d5f98ba1378412
MD5 hash: 725037496b3e195b5f3f4823e6f839f0
humanhash: johnny-mexico-fish-coffee
File name:List of Items Needed.js
Download: download sample
File size:74'934 bytes
First seen:2025-10-21 06:46:55 UTC
Last seen:Never
File type:Java Script (JS) js
MIME type:text/plain
ssdeep 768:RhjU3+FpOCvB9+Qikaux/ux/ux/ux/ux/ucux/ux/ux/ux/ux/ux/t:RhIOFpOCvJvammmmmjmmmmmmt
Threatray 57 similar samples on MalwareBazaar
TLSH T1CA734A1263EF4218B6B7138D966F02385BB77E56153D815E029CB20A8FF39049D9A7F3
TrID 66.6% (.TXT) Text - UTF-16 (LE) encoded (2000/1)
33.3% (.MP3) MP3 audio (1000/1)
Magika txt
Reporter ankit_anubhav
Tags:js

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
TH TH
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.PUA.JS.Exec-1.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
94.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68f72c87ad6ce0f5ad403ef8
Tags:
xtreme shell sage
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug anti-vm base64 cscript evasive lolbin obfuscated powershell
Link:
https://www.filescan.io/uploads/68f72c923a79800405edafe4/reports/f39796c0-5e58-4f0c-978c-06cdb6553267/overview
Verdict:
Malicious
Labled as:
PowerShell/Obfuscated.BC trojan
Link:
https://www.hybrid-analysis.com/sample/b899673b927792615d4583738de9f4f07176d74c7591b38d58183c206dc0f127
Verdict:
Malicious
File Type:
js
First seen:
2025-10-20T08:13:00Z UTC
Last seen:
2025-10-21T13:33:00Z UTC
Hits:
~10
Detections:
PDM:Trojan.Win32.Generic Trojan.JS.SAgent.sb HEUR:Trojan.Script.Generic
Link:
https://opentip.kaspersky.com/b899673b927792615d4583738de9f4f07176d74c7591b38d58183c206dc0f127/results?tab=lookup
Score:
99%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/b899673b927792615d4583738de9f4f07176d74c7591b38d58183c206dc0f127
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b899673b927792615d4583738de9f4f07176d74c7591b38d58183c206dc0f127/
Verdict:
Malicious
Threat:
Trojan.JS.SAgent
Link:
https://tip.neiki.dev/file/b899673b927792615d4583738de9f4f07176d74c7591b38d58183c206dc0f127
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xcmwoo4so6jgcxkfqnzy32pu6byxnv2mowi3hdkyda6ca3oa6etq._file
Verdict:
malicious
Label(s):
njrat
Create hunting rule
Similar samples:
00b11363c9cd9f5e944789c5c8c8f190cb8952e572fcad351c10a0ffe4809765
81553f2de290ddf3a7dd40e0a8877781c8ac8cfb0fe5d0159a2b3ce3eda4c6f6
b99755b5ef8145a14c9997d0702cad519f1768978c5b985da7bfc720d7de4152
cd0133076bb2594d02cc1a9ef7976ce41006ebc60c7f84b64a8199b4801f2ec5
dd0034d34e27eec19757f2d0b46c617fad9f461380aae7c79cb9cfd5f1df0a45
e7970266d974e4653952106e56856dbf4fa04f1ec03001c77b44c4648b1c9386
error
f7f52f6bbffa02fffcea30d5806050b7702a9a78dcbeae83e28c45d81aa1c4c4
ff25936286221005b27254e316c0622a3e828791a2988c163613475263127c0f
+ 47 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
defense_evasion discovery execution persistence privilege_escalation
Link:
https://tria.ge/reports/251021-hkdz8ahj6x/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
System Location Discovery: System Language Discovery
System Network Configuration Discovery: Internet Connection Discovery
Hide Artifacts: Ignore Process Interrupts
Suspicious use of SetThreadContext
Adds Run key to start application
Indicator Removal: File Deletion
Network Share Discovery
Checks computer location settings
Deletes itself
Badlisted process makes network request
Command and Scripting Interpreter: PowerShell
Modifies Windows Firewall
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b899673b927792615d4583738de9f4f07176d74c7591b38d58183c206dc0f127

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Sus_CMD_Powershell_Usage
Create hunting rule
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Distributed via e-mail link

Comments