MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc82ac5aa6784a36bdf0d3aef1f61c3de78a2c92d2b89055aea8e9f36fd846f5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 8



SHA256 hash: cc82ac5aa6784a36bdf0d3aef1f61c3de78a2c92d2b89055aea8e9f36fd846f5
SHA3-384 hash: 60f4764e10e7bde453845f7a3b935d39c4235d99a106f9d6921be7e0d12d6925036405cad642f23195d2977c890bfea9
SHA1 hash: dd167ba5fde2efde857be3f6a80354279af7414a
MD5 hash: 9ff561b8eafab948621470ffab74cb7a
humanhash: bravo-black-london-blue
File name: b7d2a540e591492a71fa7921fdb692187d62ffe44e341114ad58105db6cf6d8b
File size: 15'872 bytes
First seen: 2026-04-01 11:07:02 UTC
Last seen: Never
File type: tar
MIME type: application/x-tar
ssdeep: 192:Im/d/PvU8oXcdRaSoeKFaWc98YflKX0g9fJ8ISzsx471dUg8Rrp:IMvUdCRdokrt4uoxofhsr
TLSH: T18D62EC576A7A5630C6A20777A9DFB0E09A2FF3073345F4A836DC82D44F8A51943F35A8
TrID: 62.9% (.TAR/USTAR) TAR - Tape ARchive (POSIX) (17/3)
      37.0% (.TAR) TAR - Tape ARchive (file) (10/3)
Magika: tar
Reporter: JAMESWT_WT
Tags: tar teampcp

Intelligence


File Origin
# of uploads: 1
# of downloads: 2
Origin country: IT
File Archive Information

This file archive contains 4 file(s), sorted by their relevance:

File name: package.json
File size: 287 bytes
SHA256 hash: e0e85b69d95caec2dab135a72a6561b9737ecac9710b0854007a5b453a3ee896
MD5 hash: 7bdb81fe97f2f71126ebe8dbe9deb9cd
MIME type: text/plain

File name: deploy.js
File size: 3'228 bytes
SHA256 hash: 158091ec92a3a91d7d2d29e6b867d47479d624bcae5f067cc80af4eff91c9729
MD5 hash: 958c8f4f9145a7d67692db172f73c650
MIME type: application/javascript

File name: README.md
File size: 3'282 bytes
SHA256 hash: 0ab9c9d76eaef6a5829742495ec205319e5f61ef8412d6c9d5685e6d130452c8
MD5 hash: ec5d033d12d5b71f7044acbc47d86fe1
MIME type: text/x-java

File name: index.js
File size: 4'776 bytes
SHA256 hash: c37c0ae9641d2e5329fcdee847a756bf1140fdb7f0b7c78a40fdc39055e7d926
MD5 hash: 55405de62427ac56106f0fdb1c33dedd
MIME type: text/plain

Vendor Threat Intelligence
Verdict: Malicious
Score: 96.5%
Tags: virus worm
Verdict: Unknown
Threat level: 2.5/10
Confidence: 100%
Tags: repaired soft-404
Verdict: Malicious
File Type: tar
First seen: 2026-03-30T13:27:00Z UTC
Last seen: 2026-03-30T13:39:00Z UTC
Hits: ~10
Detections: Trojan-Downloader.JS.Agent.asdgcg HEUR:Worm.Script.Generic HEUR:Worm.Script.Agent.gen
Verdict: inconclusive
YARA: 2 match(es)
Tags: Tar Archive
Threat name: Archive-TAR.Worm.SupplyChain
Status: Malicious
First seen: 2026-03-21 00:24:09 UTC
File Type: Package (JavaScript)
Extracted files: 4
AV detection: 10 of 24 (41.67%)
Threat level: 5/5
Result
Malware family: n/a
Score: 4/10
Tags: antivm discovery execution linux
Behaviour
Command and Scripting Interpreter: JavaScript
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
