MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 baed6c4e0b11bf4da65b82ee030c3b6a4df4d520e1e3f804c26fb8f8ea3e61fc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: baed6c4e0b11bf4da65b82ee030c3b6a4df4d520e1e3f804c26fb8f8ea3e61fc
SHA3-384 hash: 595b7acc555a17b833152cad6db81732135d31f528dfebc4cdaf2426dda2f4279621df72ad6e2b2e1acb7f42541da84e
SHA1 hash: 349e8471ed8b31ffe1415f5409dd0b52aca30e28
MD5 hash: c44f93ca9983d376b491259787874930
humanhash: nitrogen-south-potato-one
File name:screenshot.js
Download: download sample
File size:3'206 bytes
First seen:2024-01-20 22:05:08 UTC
Last seen:Never
File type:Java Script (JS) js
MIME type:text/plain
ssdeep 96:xYQJVv8eANdASCta6w+HPcer5L4idkLiAIO/iAaAl:7xAHT0/PceK+Fc
TLSH T18E611A08E968676D8D406A68B44FA7A6D02CFDEC35BFE3899D84C5DCA8E46458FA1110
Reporter rmceoin
Tags:js


Avatar
rmceoin
Phishing email contained link to www.dropbox[.]com/scl/fi/sf8lc46q1rd9vc8n39dre/screenshot.js?rlkey=tczs6psnug14xagstfsxdp8lb&dl=1 which is where this came from.

Intelligence

File Origin
# of uploads :
1
# of downloads :
294
Origin country :
US US
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Exploit.HTML-Downloader.Gen.4735.23071.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug dropper evasive obfuscated packed
Link:
https://www.filescan.io/uploads/65ac43cb3a0cf312d5181903/reports/3d402406-5865-444a-bebb-11788777d33f/overview
Verdict:
Malicious
Labled as:
Exploit.HTML
Link:
https://www.hybrid-analysis.com/sample/baed6c4e0b11bf4da65b82ee030c3b6a4df4d520e1e3f804c26fb8f8ea3e61fc
Result
Verdict:
MALICIOUS
Result
Threat name:
n/a
Detection:
malicious
Classification:
troj.spyw.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/1378092
Signature
Benign windows process drops PE files
JScript performs obfuscated calls to suspicious functions
Machine Learning detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Tries to harvest and steal browser information (history, passwords, etc)
Uses known network protocols on non-standard ports
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Behaviour
Behavior Graph:
Download SVG
Score:
90%
Verdict:
Malware
File Type:
ASCII
Link:
https://malprob.io/report/baed6c4e0b11bf4da65b82ee030c3b6a4df4d520e1e3f804c26fb8f8ea3e61fc
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/baed6c4e0b11bf4da65b82ee030c3b6a4df4d520e1e3f804c26fb8f8ea3e61fc/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2024-01-19 15:51:53 UTC
File Type:
Text (JavaScript)
AV detection:
7 of 23 (30.43%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xlwwytqlcg7u3js3qlxagdb3njg7jvja4hr7qbgcn64pr2r6mh6a._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
spyware stealer
Link:
https://tria.ge/reports/240120-1z2zpshhb3/
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Blocklisted process makes network request
Downloads MZ/PE file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/baed6c4e0b11bf4da65b82ee030c3b6a4df4d520e1e3f804c26fb8f8ea3e61fc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Java Script (JS) js baed6c4e0b11bf4da65b82ee030c3b6a4df4d520e1e3f804c26fb8f8ea3e61fc

(this sample)

Executable exe 12f29ea6403f9c16a3f498d36eee4263465176c88e0b9f7a7e70e00a7b175bff

  
Dropping
SHA256 12f29ea6403f9c16a3f498d36eee4263465176c88e0b9f7a7e70e00a7b175bff
  
Delivery method
Distributed via e-mail link
  
Dropping
MD5 895e2eda726065f323f3723a2d1d8c23

Comments