MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c426915b181bc504a1baf2bc7e5d7103a29b81817595b654f92fe476b8058880. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	c426915b181bc504a1baf2bc7e5d7103a29b81817595b654f92fe476b8058880
SHA3-384 hash:	d8f4daf12f84f0186766dde5579e1e740ed8ea5be7545fae0db980928c666164aa2d90cd4ac6b9614ced9c80f6af2ccc
SHA1 hash:	bcce97e94c41650174774ca5cc7c6ecc49d57048
MD5 hash:	d93d3f4dc74a9275ccd77a94ad4ec031
humanhash:	vegan-alpha-eight-washington
File name:	FedEx Doc.js
Download:	download sample
File size:	1'080'610 bytes
First seen:	2026-02-16 15:06:07 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	384:J5s3ZNPrTEprs150rpPvLZ27OqMplwT4UY7m7hz31QBRE4:T
Threatray	415 similar samples on MalwareBazaar
TLSH	T1E23517B2B819E59C63C9E803D74C1BA39D4CF3074CE316A87C6846F7576A68C8667D38
Magika	javascript
Reporter	James_inthe_box
Tags:	exe js

Intelligence

File Origin

# of uploads :

1

# of downloads :

125

Origin country :

US

Vendor Threat Intelligence

No detections

Detection(s):

SecuriteInfo.com.JS.Agent.DGD7.tr.12146.31581.UNOFFICIAL

Verdict:

Malicious

Score:

95.7%

Link:

https://cyber-fortress.com/docs/result/index.php?id=699332692715406c647a1d4a

Tags:

obfuscate xtreme virus

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-vm base64 base64 fingerprint masquerade obfuscated obfuscated opendir overlay powershell repaired

Link:

https://www.filescan.io/uploads/69933268552d46acbff37209/reports/f2a95629-9bcc-4986-86e3-e65c1496e79f/overview

Verdict:

Malicious

Labled as:

JS/Agent.DGD7

Link:

https://www.hybrid-analysis.com/sample/c426915b181bc504a1baf2bc7e5d7103a29b81817595b654f92fe476b8058880

Verdict:

Malicious

File Type:

js

Detections:

HEUR:Trojan.Script.Generic Trojan.JS.SAgent.sb

Link:

https://opentip.kaspersky.com/c426915b181bc504a1baf2bc7e5d7103a29b81817595b654f92fe476b8058880/results?tab=lookup

Score:

20%

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/c426915b181bc504a1baf2bc7e5d7103a29b81817595b654f92fe476b8058880

Verdict:

inconclusive

YARA:

1 match(es)

Link:

https://app.malva.re/file/d93d3f4dc74a9275ccd77a94ad4ec031

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c426915b181bc504a1baf2bc7e5d7103a29b81817595b654f92fe476b8058880/

Verdict:

Malicious

Threat:

Family.REVERSELOADER

Link:

https://tip.neiki.dev/file/c426915b181bc504a1baf2bc7e5d7103a29b81817595b654f92fe476b8058880

Threat name:

Script-JS.Trojan.Generic

Status:

Suspicious

First seen:

2026-02-16 10:38:44 UTC

AV detection:

6 of 38 (15.79%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=yqtjcwyydpcqjin26k6h4xlraorjxambowk3mvhzf7shnoafrcaa._file

Verdict:

malicious

Label(s):

phantomstealer

Similar samples:

071a363ec38e71da9d074123c50ea594969d28878da8e754a6b6f7684940e809

17ced68461c9666597e1de5d3a69a219ada895e35c382eae83bd3a41918cad78

1e1a5e570fcc7175e7bf0cff282be1dfb5de613eb19d0a47d666c429ab7668b5

3e24bc53a54d730bc18f29a09e5bcbca55fa332d67a983a62bb39b12b4514f62

414557952c390312ea3cafa3cd3c069ff072c40840277921391565b79c800456

764892433fc11dc14ec10608d16131c178f7750b4fc9f8075a94d3824687162f

8f1056c686af9c05496ab2840c9751dab3e23a5d004b4793e62302fc0da5a821

c612385efecaca9ec7446fdc629d871a12fbcfca9ed45c653faf20361d3105c5

dbbb1c1ad17996d18e3e28537e0188b204657e87b8cb495e05bdb36c75cae466

+ 405 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

10/10

Tags:

execution

Link:

https://tria.ge/reports/260216-sgvtnsax8b/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Command and Scripting Interpreter: JavaScript

Command and Scripting Interpreter: PowerShell

Process spawned unexpected child process

Malware Config

Dropper Extraction:

https://ia600603.us.archive.org/13/items/msi-pro-with-b-64_202602/MSI_PRO_with_b64.png

Malware family:

PhantomStealer

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/c426915b181b/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.55

Link:

https://yomi.yoroi.company/submissions/c426915b181bc504a1baf2bc7e5d7103a29b81817595b654f92fe476b8058880

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample