MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d37789af995529e2c3bbb9c4ed8fab17c457b30e75bff13765f3e88c4b4777fd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

PXRECVOWEIWOEI

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	d37789af995529e2c3bbb9c4ed8fab17c457b30e75bff13765f3e88c4b4777fd
SHA3-384 hash:	6247f3b394f8da9aafd51c78fa2a35f319c1f4b34efed9f19f47d1c8142f4825741ca0d948a7c229f6fbc39ec5a1a524
SHA1 hash:	8468571060a621c0d55127df35ba6cf7395b3fea
MD5 hash:	5c24bc73025b64e285f118c49420b6d1
humanhash:	maryland-tennessee-carpet-lactose
File name:	BOOKING_GUEST_LIST.js
Download:	download sample
Signature	PXRECVOWEIWOEI Create hunting rule
File size:	4'658'395 bytes
First seen:	2026-01-12 15:16:47 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	384:ZSLBGZH8LLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLg:l
Threatray	88 similar samples on MalwareBazaar
TLSH	T1DC26D69047181905E5BFB6862ED4F0AE9AA867FC1427283E360933C1FE7116DCD7BB91
Magika	javascript
Reporter	Anonymous
Tags:	js PXRECVOWEIWOEI

Intelligence

File Origin

# of uploads :

# of downloads :

108

Origin country :

Vendor Threat Intelligence

No detections

Verdict:

Malicious

Score:

91.7%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69649548946a855b103e7092

Tags:

obfuscate xtreme shell

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-vm base64 base64 fingerprint obfuscated obfuscated overlay powershell repaired

Link:

https://www.filescan.io/uploads/6965108907ef5fa68e85a285/reports/e111866a-a675-4ef1-b6ad-2fe8ee8be9ca/overview

Verdict:

Malicious

Labled as:

JS_TrojanDownloader_Agent_ADUF

Link:

https://www.hybrid-analysis.com/sample/d37789af995529e2c3bbb9c4ed8fab17c457b30e75bff13765f3e88c4b4777fd

Verdict:

Malicious

File Type:

First seen:

2026-01-11T16:55:00Z UTC

Last seen:

2026-01-14T12:48:00Z UTC

Hits:

~100

Detections:

Trojan.JS.SAgent.sb HEUR:Trojan.Script.SAgent.gen HEUR:Trojan.Script.Generic

Link:

https://opentip.kaspersky.com/d37789af995529e2c3bbb9c4ed8fab17c457b30e75bff13765f3e88c4b4777fd/results?tab=lookup

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d37789af995529e2c3bbb9c4ed8fab17c457b30e75bff13765f3e88c4b4777fd/

Verdict:

Malicious

Threat:

Family.OBJ3CTIVITY

Link:

https://tip.neiki.dev/file/d37789af995529e2c3bbb9c4ed8fab17c457b30e75bff13765f3e88c4b4777fd

Threat name:

Script-JS.Trojan.Generic

Status:

Suspicious

First seen:

2026-01-11 19:15:09 UTC

File Type:

Binary

AV detection:

11 of 36 (30.56%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=2n3ytl4zkuu6fq53xhco3d5lc7cfpmyoow77cn3f6puiys2ho76q._file

Verdict:

malicious

Label(s):

0bj3ctivitystealer

PXRECVOWEIWOEI

52e12c457102a51e41bd42ed8585673fa13c81d75aae5d7250f9b60d69f0f42d

PXRECVOWEIWOEI

5c34738a9e191e80277637f6f1deebfa842f8bd4f0d7633ab148313c64f8855f

PXRECVOWEIWOEI

65fdfb2fe35b497f7daf12505ca9ed686342b615b6d9b0b4b13af4ea390eb808

PXRECVOWEIWOEI

8707e35868f140fdcfb5f87599a22197260c154e45b26282c66af38df465ef1a

PXRECVOWEIWOEI

8f458ea339d79921e9e46311ec077fba71534ebe2092bc14a3ac574f284c82a0

PXRECVOWEIWOEI

e4ef9e3b63d39aa5f72cf8ee5d2f3cd3f7643d61ca6fff2169cb3e3eeb2d66b9

PXRECVOWEIWOEI

eb5c7c6370d533e6675ef2fb8b5f3f10cabc36584ddd3d3ad026af5266e84ed7

PXRECVOWEIWOEI

ec75f284102e3827f09cf9d4c646620f707657a977581064a0cea7a67d3e4896

PXRECVOWEIWOEI

error

PXRECVOWEIWOEI

fe49bbc0cce0e57cdf3c9da9bcdedd0dc070f78cbc4a2b25d653cb2f67775466

PXRECVOWEIWOEI

+ 78 additional samples on MalwareBazaar

Result

Malware family:

obj3ctivity

Score:

10/10

Tags:

family:obj3ctivity collection discovery execution persistence privilege_escalation stealer

Link:

https://tria.ge/reports/260112-sn9w6sft9b/

Behaviour

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

outlook_office_path

outlook_win_path

Browser Information Discovery

Command and Scripting Interpreter: JavaScript

Event Triggered Execution: Netsh Helper DLL

System Location Discovery: System Language Discovery

System Network Configuration Discovery: Wi-Fi Discovery

Suspicious use of SetThreadContext

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Badlisted process makes network request

Command and Scripting Interpreter: PowerShell

Detects Obj3ctivity Stage1

Obj3ctivity family

Obj3ctivity, PXRECVOWEIWOEI

Process spawned unexpected child process

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.55

Link:

https://yomi.yoroi.company/submissions/d37789af995529e2c3bbb9c4ed8fab17c457b30e75bff13765f3e88c4b4777fd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample