MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f482484f335ea3d83e7113f0dd6c5ad1669c22dfcd4a0b6b6cc802cd8c81d353. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	f482484f335ea3d83e7113f0dd6c5ad1669c22dfcd4a0b6b6cc802cd8c81d353
SHA3-384 hash:	011e259f9a7e0b643638ca5649860c108e91b3a8559e83886b714df2b1c130a2e6d5f466e89c61c57ae22ca09dcf9793
SHA1 hash:	fc1c5d54cca10459464c65213067c88aa804c96a
MD5 hash:	be90cdcd226c15dca74b5e12c8939098
humanhash:	island-music-timing-undress
File name:	A1 (12).js
Download:	download sample
Signature	RemcosRAT Alert Create hunting rule
File size:	50'922 bytes
First seen:	2025-06-11 11:52:19 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	1536:U+m8BJDf/3o7n412oEHecCWqL1v34sRNvEFlGZdy4NBOWI8B9Vt:U+m8BJDf/3o7n412oEHecCWqL1v34sRX
Threatray	4'147 similar samples on MalwareBazaar
TLSH	T1D8331082BD83CD754A7A6303C6DD7626FF16914240B1E261FC8EAFB4ABB0B1918355C7
Magika	javascript
Reporter	JAMESWT_WT
Tags:	js paste-ee RemcosRAT

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

429

Origin country :

IT

Vendor Threat Intelligence

CyberFortress Malicious

Verdict:

Malicious

Score:

97.4%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68496e0d07b5e8c1cfe64315

Tags:

obfuscate xtreme spawn

Hybrid Analysis BZC.UGZ.Boxter.1

Verdict:

Malicious

Labled as:

BZC.UGZ.Boxter.1

Link:

https://www.hybrid-analysis.com/sample/f482484f335ea3d83e7113f0dd6c5ad1669c22dfcd4a0b6b6cc802cd8c81d353

Joe Sandbox malicious

Result

Threat name:

n/a

Detection:

malicious

Classification:

troj.expl.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1712179

Signature

Bypasses PowerShell execution policy

Connects to a pastebin service (likely for C&C)

Found suspicious powershell code related to unpacking or dynamic code loading

JavaScript source code contains functionality to generate code involving a shell, file or stream

Joe Sandbox ML detected suspicious sample

JScript performs obfuscated calls to suspicious functions

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Sigma detected: Base64 Encoded PowerShell Command Detected

Sigma detected: Malicious Base64 Encoded PowerShell Keywords in Command Lines

Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet

Sigma detected: PowerShell Base64 Encoded Reflective Assembly Load

Sigma detected: Suspicious PowerShell Parameter Substring

Sigma detected: WScript or CScript Dropper

Suspicious execution chain found

Suspicious powershell command line found

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Wscript starts Powershell (via cmd or directly)

Yara detected Powershell decode and execute

Yara detected Powershell download and execute

Behaviour

Behavior Graph:

Download SVG

Nucleon Malprob Malware

Score:

94%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/f482484f335ea3d83e7113f0dd6c5ad1669c22dfcd4a0b6b6cc802cd8c81d353

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/f482484f335ea3d83e7113f0dd6c5ad1669c22dfcd4a0b6b6cc802cd8c81d353/

ReversingLabs TitaniumCloud Script-JS.Trojan.Boxter

Threat name:

Script-JS.Trojan.Boxter

Alert

Create hunting rule

Status:

Malicious

First seen:

2025-06-10 15:57:18 UTC

File Type:

Text

AV detection:

8 of 24 (33.33%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=6sbeqtztl2r5qptrcpyn23c22ftjyiw7zvfaw23mzabm3deb2njq._file

Threatray remcos

Verdict:

malicious

Label(s):

remcos

Alert

Create hunting rule

Similar samples:

0e0f138ef6ba8d932c3ee4e0b5fee66a27b52733770dd525822d22c44c294e5c

RemcosRAT

18e47a246fa102e72bc56520203df7a3e6ea37cc50179e3e72a1927a9dcac308

RemcosRAT

2345ba4c97d721f9df926ad1182202564c644ac0e74e10cb9c40c1a671395055

RemcosRAT

5e95fb52da2144a06a66a593a6f12877108ebcdeb69f8f60ad010831d4fce1eb

RemcosRAT

6b0bef0d0996bc1eed9dd88ee0f01478b1e5d01b016c03b6f18edc6225a72a6e

RemcosRAT

8cd8f6613fa78da840f983784dd9c6b77e2ad9ad42fa6d4a161e10df4226ccd0

RemcosRAT

a086e589f54179599cbe9a923dafa8aa09941f92944674b6cf1de87a8b953838

RemcosRAT

a52ff4294cb4b3618c758a7ca95fad8995eee08fdd67d7db0a8e4642970564b5

RemcosRAT

ee1a3803936b0f51c8fa1e2ce1fcbfe092f0c2e846d5fd5bb075f3ad931efe6f

RemcosRAT

error

RemcosRAT

f7824c984b4d69b9b2b6dff7b5c9c33e419da3ee5b3dbc7637ad9e586ebe7ab6

RemcosRAT

+ 4'137 additional samples on MalwareBazaar

Hatching Triage remcos

Result

Malware family:

remcos

Alert

Create hunting rule

Score:

  10/10

Tags:

family:remcos botnet:jk9001 collection discovery execution rat

Link:

https://tria.ge/reports/250611-n1yx8attcw/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Command and Scripting Interpreter: JavaScript

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Suspicious use of SetThreadContext

Accesses Microsoft Outlook accounts

Checks computer location settings

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Detected Nirsoft tools

NirSoft MailPassView

NirSoft WebBrowserPassView

Remcos

Remcos family

Malware Config

C2 Extraction:

ab90001.ddns.net:9001

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Malicious File

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/f482484f335ea3d83e7113f0dd6c5ad1669c22dfcd4a0b6b6cc802cd8c81d353