MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f4e154d49759c288c006786c167eb62243f284d2d99a85316aec564fc67f9fbb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 7

SHA256 hash: f4e154d49759c288c006786c167eb62243f284d2d99a85316aec564fc67f9fbb
SHA3-384 hash: 667b41e792f6356e1d9bc12ed2936247ac7a1d2eb5e009605996bf175a733fece734c53506d19b4c29d50c51002dd50f
SHA1 hash: 1bb799e9c2a5302cb90d12d31ad7885c3a1b2478
MD5 hash: eeb2b04b467b28664223d2261a2ec77c
humanhash: bakerloo-cup-bacon-alanine
File name: eclattttt.js
Download: download sample
File size: 1'609 bytes
First seen: 2023-01-04 12:19:07 UTC
Last seen: Never
File type: Java Script (JS) js
MIME type: text/plain
ssdeep: 48:7xVxT54VAL7wmKjr6X2x8yyWDz/JDwaq6OkkLhUAHngE:tFD8zyQDyW3xDksCHZ
TLSH: T17A318FAD2943E13C67A21B25D72A5448AC548902BB3CD450B089CEC939AC975866A97D
Reporter: abuse_ch
Tags: js
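Before analysing anything pulled from this entry, confirm that the bytes in hand are the file the entry describes. The check below is an added example, not part of the MalwareBazaar page or of abuse.ch's tooling: it recomputes the four digests the entry lists that Python's standard library supports (SHA256, SHA3-384, SHA1, MD5) and compares them, plus the byte length, against the values above. ssdeep and TLSH are left out because they need third-party libraries. The STAND_IN bytes are constructed here and are not the sample, so running the block as-is reports a mismatch on every check, which is the behaviour you want from a file that is not what the page lists.

```python
import hashlib

# Digests and size exactly as listed on the MalwareBazaar entry above.
PAGE_HASHES = {
    "sha256": "f4e154d49759c288c006786c167eb62243f284d2d99a85316aec564fc67f9fbb",
    "sha3_384": "667b41e792f6356e1d9bc12ed2936247ac7a1d2eb5e009605996bf175a733fece734c53506d19b4c29d50c51002dd50f",
    "sha1": "1bb799e9c2a5302cb90d12d31ad7885c3a1b2478",
    "md5": "eeb2b04b467b28664223d2261a2ec77c",
}
PAGE_SIZE = 1609  # "1'609 bytes" on the page

# Constructed stand-in bytes: NOT the sample, only there to exercise the check.
STAND_IN = b"// constructed placeholder, not eclattttt.js\n"


def hashes_of(data: bytes, algorithms=PAGE_HASHES) -> dict:
    """Compute each listed digest that hashlib supports.
    ssdeep and TLSH are omitted; they require third-party libraries."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in algorithms}


def verify_sample(data: bytes, expected: dict, expected_size=None) -> dict:
    """Per-check results. Each listed digest is compared case-insensitively and,
    when given, the byte length too. The file is the listed sample only if every
    value is True; a single mismatch means you are holding a different file."""
    actual = hashes_of(data, expected)
    results = {alg: actual[alg] == expected[alg].strip().lower() for alg in expected}
    if expected_size is not None:
        results["size"] = len(data) == expected_size
    return results


def is_listed_sample(data: bytes, expected: dict, expected_size=None) -> bool:
    return all(verify_sample(data, expected, expected_size).values())


if __name__ == "__main__":
    for check, ok in verify_sample(STAND_IN, PAGE_HASHES, PAGE_SIZE).items():
        print(f"{check:>8}: {'match' if ok else 'MISMATCH'}")
    print("is the listed sample:", is_listed_sample(STAND_IN, PAGE_HASHES, PAGE_SIZE))
```

Feed the real download to verify_sample in place of STAND_IN; only when every check reports a match should the behavioural findings further down be attributed to the file you are looking at.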

Intelligence


File Origin
# of uploads: 1
# of downloads: 225
Origin country: n/a
Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: obfuscated
Result
Verdict: MALICIOUS
Result
Threat name: Unknown
Detection: malicious
Classification: adwa.evad
Score: 96 / 100
Signature
Antivirus detection for URL or domain
Drops PE files to the startup folder
Drops script or batch files to the startup folder
JavaScript source code contains functionality to generate code involving a shell, file or stream
JScript performs obfuscated calls to suspicious functions
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Powershell drops PE file
Very long command line found
Wscript starts Powershell (via cmd or directly)
Behaviour
Behavior Graph (ID 777778, sample eclattttt.js, start date 04/01/2023, architecture WINDOWS, score 96), rendered here as a process tree recovered from the flattened graph. Signatures raised on the sample itself:
Multi AV Scanner detection for domain / URL
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
JavaScript source code contains functionality to generate code involving a shell, file or stream

Process tree (signatures, dropped files and network events are indented under the process that produced them):
wscript.exe
    signatures: JScript performs obfuscated calls to suspicious functions; Wscript starts Powershell (via cmd or directly); Very long command line found
    powershell.exe
        signatures: Drops script or batch files to the startup folder; Drops PE files to the startup folder
        conhost.exe
    powershell.exe
        signatures: Powershell drops PE file
        dropped: C:\Users\user\AppData\...\AgileDotNetRT64.dll (PE32+)
        conhost.exe
wscript.exe
    powershell.exe
        conhost.exe
    powershell.exe
        conhost.exe
iexplore.exe
    DNS: onshopfashioner.com
    iexplore.exe
        network: 192.168.2.1 (unknown)
iexplore.exe
    iexplore.exe
        network: onshopfashioner.com, 203.175.8.118 port 443 (source ports 49711, 49712), IPVG-AS-APIP-ConvergeDataCenterIncPH, Indonesia
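The signature list and the process tree above describe one chain: wscript.exe launches powershell.exe with a very long command line, and PowerShell writes script and PE files into the Startup folder. The block below is an added example, not sandbox output or MalwareBazaar code: it encodes those four signatures as rules over Sysmon-style process-create (EventID 1) and file-create (EventID 11) records and runs them over constructed events. The events, the Startup-folder file names, the 1024-character command-line threshold and the treatment of cmd.exe as the "via cmd" hop are all assumptions made for the example; the page shows only an elided drop path and does not publish the sandbox's thresholds.

```python
import re

# Constructed Sysmon-style events (EventID 1 = process create, 11 = file create).
# Illustrative only: not telemetry from the sandbox run summarised on this page,
# and the Startup-folder file names are invented (the page shows an elided path).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
STARTUP = r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
EVENTS = [
    {"EventID": 1, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r'"C:\Windows\System32\wscript.exe" C:\Users\user\Downloads\eclattttt.js'},
    {"EventID": 1, "ParentImage": r"C:\Windows\System32\wscript.exe", "Image": PS,
     "CommandLine": "powershell.exe -nop -w hidden -enc " + "QUFB" * 400},
    {"EventID": 11, "Image": PS, "TargetFilename": STARTUP + r"\loader.js"},
    {"EventID": 11, "Image": PS, "TargetFilename": STARTUP + r"\rt64.dll"},
    # Benign noise that must not fire.
    {"EventID": 1, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe notes.txt"},
    {"EventID": 11, "Image": r"C:\Program Files\Office\winword.exe",
     "TargetFilename": r"C:\Users\user\Documents\report.docx"},
]

STARTUP_RE = re.compile(r"\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
PE_EXT = {".exe", ".dll", ".scr", ".cpl"}
SCRIPT_EXT = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".bat", ".cmd", ".ps1"}
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}  # cmd.exe covers the "via cmd" hop
LONG_CMDLINE = 1024  # assumption: the sandbox does not publish its threshold


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def extension(path: str) -> str:
    name = basename(path)
    return name[name.rfind("."):] if "." in name else ""


def detect(events):
    """Return (signature name, event) pairs, named after the sandbox signatures above."""
    hits = []
    for e in events:
        image = basename(e.get("Image", ""))
        if e["EventID"] == 1:
            # wscript.exe spawning a shell directly, or cmd.exe as the intermediate hop
            if basename(e.get("ParentImage", "")) == "wscript.exe" and image in SHELLS:
                hits.append(("Wscript starts Powershell (via cmd or directly)", e))
            if len(e.get("CommandLine", "")) > LONG_CMDLINE:
                hits.append(("Very long command line found", e))
        elif e["EventID"] == 11 and STARTUP_RE.search(e.get("TargetFilename", "")):
            ext = extension(e["TargetFilename"])
            if ext in PE_EXT:
                hits.append(("Drops PE files to the startup folder", e))
            elif ext in SCRIPT_EXT:
                hits.append(("Drops script or batch files to the startup folder", e))
    return hits


def fired_signatures(events):
    """Distinct signature names that fired, sorted for stable comparison."""
    return sorted({name for name, _ in detect(events)})


if __name__ == "__main__":
    for name, e in detect(EVENTS):
        detail = e.get("CommandLine") or e.get("TargetFilename")
        print(f"{name}: {detail}"[:120])
```

The Startup-folder rule keys on the path and the written extension rather than on the writing process, so it also catches the same persistence when a different loader does the drop; the parent/child rule is the one that ties the drop back to a script host.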
Threat name: Script-JS.Trojan.Cryxos
Status: Malicious
First seen: 2023-01-04 00:16:54 UTC
File Type: Text (JavaScript)
AV detection: 7 of 39 (17.95%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: RenamesItself
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Loads dropped DLL
Blocklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments