MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e96d879950e582d7c3f16f914a9ab11fe4b80f8a4aa9f32065a342fa288705de. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	e96d879950e582d7c3f16f914a9ab11fe4b80f8a4aa9f32065a342fa288705de
SHA3-384 hash:	7b7f67ce375e5fb8bb95621a57f5b6f0540d64376cb2c40c597595207c2127d3eed4bab1902c2c65600e43a97be2d032
SHA1 hash:	5a434e082511b3dcf764fb2ff12619c185ca2173
MD5 hash:	5df81396526a65053c86722d55c54094
humanhash:	lion-potato-utah-artist
File name:	license.js
Download:	download sample
Signature	Formbook Create hunting rule
File size:	66'109 bytes
First seen:	2026-03-17 20:54:21 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	1536:Tc10EOeNHVhZMHmUNuhYDu1Pu+OOlHUdxCDOYahynWGJKHG7Cgy22Kfud4dDAV:KD2CyzV
Threatray	2'671 similar samples on MalwareBazaar
TLSH	T12A5389119F9ED9AC9408B59C6882B0239E2E31AFF1C087537C2D6B9EED9460F74931D7
Magika	javascript
Reporter	James_inthe_box
Tags:	exe FormBook js

Intelligence

File Origin

# of uploads :

# of downloads :

166

Origin country :

Vendor Threat Intelligence

No detections

Verdict:

Malicious

Score:

81.4%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69b9bfbd93b644ca466b1c8a

Tags:

ransomware extens xtreme

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

anti-vm base64 fingerprint repaired

Link:

https://www.filescan.io/uploads/69b9bfba4ec2f522cc4cf412/reports/6bbcf31d-e3ae-462c-a27d-f5a1bec8c487/overview

Verdict:

Malicious

Labled as:

JS/TrojanDownloader.Agent

Link:

https://www.hybrid-analysis.com/sample/e96d879950e582d7c3f16f914a9ab11fe4b80f8a4aa9f32065a342fa288705de

Verdict:

Malicious

File Type:

Detections:

PDM:Trojan.Win32.Generic Trojan-Downloader.Win32.PsDownload.sb Trojan.JS.SAgent.sb HEUR:Trojan.Script.SAgent.gen

Link:

https://opentip.kaspersky.com/e96d879950e582d7c3f16f914a9ab11fe4b80f8a4aa9f32065a342fa288705de/results?tab=lookup

Score:

95%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/e96d879950e582d7c3f16f914a9ab11fe4b80f8a4aa9f32065a342fa288705de

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e96d879950e582d7c3f16f914a9ab11fe4b80f8a4aa9f32065a342fa288705de/

Verdict:

Malicious

Threat:

Trojan-Downloader.Win32.PsDownload

Link:

https://tip.neiki.dev/file/e96d879950e582d7c3f16f914a9ab11fe4b80f8a4aa9f32065a342fa288705de

Threat name:

Win32.Trojan.Etset

Status:

Malicious

First seen:

2026-03-17 20:51:27 UTC

File Type:

Text (JavaScript)

AV detection:

8 of 24 (33.33%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=5fwypgkq4wbnpq7rn6iuvgvrd7slqd4kjku7gidfunbpukehaxpa._file

Result

Malware family:

n/a

Score:

8/10

Tags:

defense_evasion execution

Link:

https://tria.ge/reports/260317-zqmb8aev7x/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Command and Scripting Interpreter: JavaScript

Enumerates physical storage devices

Obfuscated Files or Information: Command Obfuscation

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Badlisted process makes network request

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/e96d879950e582d7c3f16f914a9ab11fe4b80f8a4aa9f32065a342fa288705de

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample