MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c8589ca999526f247db4d3902ade8a85619f8f82338c6230d1b935f413ddcb3d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 9



SHA256 hash: c8589ca999526f247db4d3902ade8a85619f8f82338c6230d1b935f413ddcb3d
SHA3-384 hash: 27e75992f2fc5774a900e5672fd6158d889afc78d8c258c95f39071053e2238a6be95be7e98b47830e29b370aa73268a
SHA1 hash: 6e2ccdc883b46445b86c8ce9bcbaa186c916335c
MD5 hash: 5c65dd08f9591eb6c50b772f2d36e0d8
humanhash: charlie-kilo-california-monkey
File name: VfZUSQi6oerKau.js
File size: 901'738 bytes
First seen: 2026-05-10 19:56:10 UTC
Last seen: Never
File type: Java Script (JS) js
MIME type: text/plain
ssdeep: 12288:fbRR0/10gHzYC/PLlFrRRq0B+q3TxZQ9eHjZYaAR3naDCZiAgwhomEXLktIjl3vE:t6/13nLXrPXx5jZYf
TLSH: T1301539D42693D403B18D0A63BF057AECD03FA972AEC8E547E2A4759D28BC407D9B8DC5
Magika: javascript
Reporter: smica83
Tags: apt ChainShell js muddywater TsundereBot

Intelligence


File Origin
# of uploads :
1
# of downloads :
75
Origin country :
HU
Vendor Threat Intelligence
No detections
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
obfuscated repaired
Verdict:
Malicious
File Type:
js
First seen:
2026-03-20T15:18:00Z UTC
Last seen:
2026-05-12T08:00:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan.Script.Generic HEUR:Trojan.Script.Agent.gen
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
56 / 100
Signature
Multi AV Scanner detection for submitted file
Potential obfuscated javascript found
Sigma detected: WScript or CScript Dropper
Behaviour
Behavior Graph:
Gathering data
Threat name:
Script-JS.Trojan.Malgent
Status:
Malicious
First seen:
2026-03-04 16:43:26 UTC
File Type:
Text (JavaScript)
AV detection:
11 of 24 (45.83%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  3/10
Tags:
execution
Behaviour
Command and Scripting Interpreter: JavaScript
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments