MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc9a9aeabf1702a9ea2775f5f6b4f8feef99f40fe54db013c3d783b2985dae8b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

PXRECVOWEIWOEI

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	cc9a9aeabf1702a9ea2775f5f6b4f8feef99f40fe54db013c3d783b2985dae8b
SHA3-384 hash:	4f3066c2289834f71dff28007acde861fe783962822d26d547d3ab73af9fbc40b0b200459a601f8fd6eaa15056511f22
SHA1 hash:	fe706a1cb77021f052f6b170aa48fdd3025c0ce9
MD5 hash:	4d16e8168c71595c3ca7c7e87dafe2ee
humanhash:	charlie-arkansas-massachusetts-sierra
File name:	Holiday_trip_site.js
Download:	download sample
Signature	PXRECVOWEIWOEI Create hunting rule
File size:	1'191'704 bytes
First seen:	2026-01-26 18:44:31 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	96:WH9wCu9ikvQkdgLih4zfPnLiPWwxStgDs6kuNkTgLik4YwY/Z6hnNiTwQhZuGfZG:Qj
Threatray	142 similar samples on MalwareBazaar
TLSH	T1BF4501F525B59A8227F3F668FD5A21A58D04C33410A7D8146382CDEDF7A069C7FB093A
Magika	javascript
Reporter	Anonymous
Tags:	js PXRECVOWEIWOEI

Intelligence

File Origin

# of uploads :

1

# of downloads :

102

Origin country :

US

Vendor Threat Intelligence

No detections

Verdict:

Malicious

Score:

90.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6977b6706fa3eed1652f3c1b

Tags:

obfuscate xtreme shell

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-vm base64 fingerprint obfuscated powershell repaired

Link:

https://www.filescan.io/uploads/6977b65e4156786ccbd8714e/reports/79c97bcb-045d-45ab-a5a6-fa4d84d82a78/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/cc9a9aeabf1702a9ea2775f5f6b4f8feef99f40fe54db013c3d783b2985dae8b

Verdict:

Malicious

File Type:

js

First seen:

2026-01-26T02:42:00Z UTC

Last seen:

2026-01-28T11:46:00Z UTC

Hits:

~100

Detections:

Trojan.JS.SAgent.sb HEUR:Trojan.Script.Generic

Link:

https://opentip.kaspersky.com/cc9a9aeabf1702a9ea2775f5f6b4f8feef99f40fe54db013c3d783b2985dae8b/results?tab=lookup

Score:

17%

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/cc9a9aeabf1702a9ea2775f5f6b4f8feef99f40fe54db013c3d783b2985dae8b

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/cc9a9aeabf1702a9ea2775f5f6b4f8feef99f40fe54db013c3d783b2985dae8b/

Verdict:

Malicious

Threat:

Family.REVERSELOADER

Link:

https://tip.neiki.dev/file/cc9a9aeabf1702a9ea2775f5f6b4f8feef99f40fe54db013c3d783b2985dae8b

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=zsnjv2v7c4bkt2rhox27nnhy73xzt5ap4vg3ae6d26b3fgc5v2fq._file

Verdict:

malicious

Label(s):

0bj3ctivitystealer

Similar samples:

5c34738a9e191e80277637f6f1deebfa842f8bd4f0d7633ab148313c64f8855f

8848e239974fd64817049eb47c0fe8075b14a54e02cd5c83362589648c9b2c09

9e54fdaa81f24b388c0b4e7defc9fb0f2d1bcaf2bab5b806e879e1ac9d19deaf

a65762b80a0786fc118a3ac10cc3d3cad0b3772694e85945ef03d8adf8fefc8b

b7bb8b7264e4deecc1009400a76c2b8aa1e6c7d972f7908d9b0ab79cb6d788a1

d37789af995529e2c3bbb9c4ed8fab17c457b30e75bff13765f3e88c4b4777fd

ec75f284102e3827f09cf9d4c646620f707657a977581064a0cea7a67d3e4896

f87dcded559755d3fb76f0ed3e861799294630844305128276fb1b6452ed7061

+ 132 additional samples on MalwareBazaar

Result

Malware family:

obj3ctivity

Score:

10/10

Tags:

family:obj3ctivity collection discovery execution persistence privilege_escalation stealer

Link:

https://tria.ge/reports/260126-xegaqafs3e/

Behaviour

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

outlook_office_path

outlook_win_path

Browser Information Discovery

Command and Scripting Interpreter: JavaScript

Event Triggered Execution: Netsh Helper DLL

System Location Discovery: System Language Discovery

System Network Configuration Discovery: Wi-Fi Discovery

Suspicious use of SetThreadContext

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Badlisted process makes network request

Command and Scripting Interpreter: PowerShell

Detects Obj3ctivity Stage1

Obj3ctivity family

Obj3ctivity, PXRECVOWEIWOEI

Process spawned unexpected child process

Malware Config

Dropper Extraction:

https://res.cloudinary.com/dxxyxpqxg/image/upload/v1769187753/optimized_MSI_nthgyz.jpg

Malware family:

DnlibLoader

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/cc9a9aeabf17/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.55

Link:

https://yomi.yoroi.company/submissions/cc9a9aeabf1702a9ea2775f5f6b4f8feef99f40fe54db013c3d783b2985dae8b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample