MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df9571b999cf42158d771e5a091c0268c2e5da09756151ebfe3adefdd50a4727. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 8

SHA256 hash: df9571b999cf42158d771e5a091c0268c2e5da09756151ebfe3adefdd50a4727
SHA3-384 hash: 7b5f954c3d276ce8612da8700f75a7806ed9ddab47d59d5801b52ff4c5fa3cf03ed381069d88e53da3774a3dd2543cab
SHA1 hash: b570a974680f066a8cca0904a0b7f77184a0601c
MD5 hash: edc5800017dd5abdb8d575b153b2dcf9
humanhash: march-september-harry-hamper
File name: New PO for MAR.-TCO-AIM240204A.js
File size: 254'430 bytes
First seen: 2026-04-14 16:37:44 UTC
Last seen: Never
File type: Java Script (JS) js
MIME type: text/plain
ssdeep: 6144:NyOBs8fg99tLwmZ7ApWxgFwb9AjWT+Xft3Fyp4UOTLuO3i7fNZfpK:VuQe9xZ3GaeqOypnO/uL71fK
TLSH: T163442A3ECAA90016A1B3D624FDA50413F5777F63263D8C9822C6128D47B350E75ADBAF
TrID: 66.6% (.TXT) Text - UTF-16 (LE) encoded (2000/1)
      33.3% (.MP3) MP3 audio (1000/1)
Magika: vba
Reporter: James_inthe_box
Tags: exe js

Intelligence

File Origin
# of uploads: 1
# of downloads: 128
Origin country: US

Vendor Threat Intelligence

No detections

Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: repaired

Verdict: Malicious
File Type: js
First seen: 2026-04-14T07:58:00Z UTC
Last seen: 2026-04-16T12:05:00Z UTC
Hits: ~1000
Detections: PDM:Trojan.Win32.Generic HEUR:Trojan.Script.Generic

Threat name: Script.Trojan.Malgent
Status: Malicious
First seen: 2026-04-14 10:56:59 UTC
File Type: Text (JavaScript)
AV detection: 6 of 24 (25.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: collection discovery execution persistence
Behaviour:
  Enumerates system info in registry
  Suspicious behavior: EnumeratesProcesses
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of FindShellTrayWindow
  Suspicious use of WriteProcessMemory
  outlook_office_path
  outlook_win_path
  Browser Information Discovery
  Command and Scripting Interpreter: JavaScript
  Enumerates physical storage devices
  System Time Discovery
  Drops file in Windows directory
  Accesses Microsoft Outlook profiles
  Command and Scripting Interpreter: PowerShell
  Checks computer location settings
  Registers new Windows logon scripts automatically executed at logon
  Badlisted process makes network request

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments