MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e6c60ca4f996b209bbaf7429182d7ed76acf761bb9c1de63486fcb76635fa58c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e6c60ca4f996b209bbaf7429182d7ed76acf761bb9c1de63486fcb76635fa58c
SHA3-384 hash: 14ec971ceac7b858f12f2d1ad7725e2c2c8b4108494e1cec9f2ea9515bf3aeeb19f465ac14fa59492f05d2bf78e9bf42
SHA1 hash: 2deaddb1176d318f02e6462369e75da6f4e84185
MD5 hash: 8218cc08f593db53c0a3e09f1f56201a
humanhash: helium-stream-august-mobile
File name:payment-vanilla.iife.js
Download: download sample
File size:72'605 bytes
First seen:2026-05-13 19:57:56 UTC
Last seen:Never
File type:Java Script (JS) js
MIME type:text/plain
ssdeep 1536:/tK6rN1naAHg9quIkZbLhnHbgCMAqV062cBmOd6l4UMyCZ:gA1nrkZbLhnHbZJq/2/Od6l4UMyCZ
TLSH T1BE63D646B3E1672B83CA71636C9AC987B33995992386401C7B1CD5F8246CDB4C3B5FB8
Magika javascript
Reporter cottaflora
Tags:cc-skimmer GorgonAgora js medusajs PaymentVanilla web-skimmer

Intelligence

File Origin
# of uploads :
1
# of downloads :
128
Origin country :
CZ CZ
Vendor Threat Intelligence
No detections
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a04d7d2953bbcef1c9028c3
Tags:
n/a
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
masquerade obfuscated obfuscated repaired
Link:
https://www.filescan.io/uploads/6a04d7d22fcb905ec29550da/reports/b2197591-0845-4642-ad17-f38883105eb5/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/e6c60ca4f996b209bbaf7429182d7ed76acf761bb9c1de63486fcb76635fa58c
Verdict:
Malicious
File Type:
js
First seen:
2026-05-15T04:52:00Z UTC
Last seen:
2026-05-15T05:01:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan.Script.Agent.gen
Link:
https://opentip.kaspersky.com/e6c60ca4f996b209bbaf7429182d7ed76acf761bb9c1de63486fcb76635fa58c/results?tab=lookup
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/e6c60ca4f996b209bbaf7429182d7ed76acf761bb9c1de63486fcb76635fa58c
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e6c60ca4f996b209bbaf7429182d7ed76acf761bb9c1de63486fcb76635fa58c/
Verdict:
Clean
Link:
https://tip.neiki.dev/file/e6c60ca4f996b209bbaf7429182d7ed76acf761bb9c1de63486fcb76635fa58c
Threat name:
Win32.Trojan.Qwexlafiba
Create hunting rule
Status:
Malicious
First seen:
2026-05-13 12:33:14 UTC
File Type:
Text
Extracted files:
2
AV detection:
6 of 24 (25.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=43dazjhzs2zato5poqurqll625vm65q3xha54y2in7fxmy27uwga._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
execution
Link:
https://tria.ge/reports/260513-yp1b1sew5y/
Behaviour
Command and Scripting Interpreter: JavaScript
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.70
Link:
https://yomi.yoroi.company/submissions/e6c60ca4f996b209bbaf7429182d7ed76acf761bb9c1de63486fcb76635fa58c

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DetectEncryptedVariants
Create hunting rule
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name:OBFUS_PowerShell_Common_Replace
Create hunting rule
Author:SECUINFRA Falcon Team
Description:Detects the common usage of replace for obfuscation
Rule name:RANSOMWARE
Create hunting rule
Author:ToroGuitar
Rule name:Sus_CMD_Powershell_Usage
Create hunting rule
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Java Script (JS) js e6c60ca4f996b209bbaf7429182d7ed76acf761bb9c1de63486fcb76635fa58c

(this sample)

  
Delivery method
Distributed via web download

Comments