MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fa83180ee18c87e91ab920252e77692e7849b03d8220ace614bd4620bc559bb8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GenesisStealer

Vendor detections: 9

Intelligence 9 IOCs YARA 1 File information Comments

SHA256 hash:	fa83180ee18c87e91ab920252e77692e7849b03d8220ace614bd4620bc559bb8
SHA3-384 hash:	fcce1477122e95713ffae37e500321380c744f553a9e36ecf998d30cefd2bcccabf55d840e8414057080b7a0c5928e1a
SHA1 hash:	e221296cd5b59d86b0159e8bffe929bf8e2152f6
MD5 hash:	d1634b0162d5784d989cfa421f5b3db2
humanhash:	juliet-red-glucose-angel
File name:	a825f8018d7071c1.js
Download:	download sample
Signature	GenesisStealer Create hunting rule
File size:	721'857 bytes
First seen:	2026-02-27 08:44:40 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	12288:ITVOqr17lvu6CP1lwFHXUrEIJDeFIM1+uA/fx7ga7WHo/mHMz/uP9ViRO:aH7lgN+F3UoFR+HxV6Ho/mHMTuP93
TLSH	T1A2E401342DBE36AC02B6519A746B27C85E1A343328CCB57B21D09A9B5BB175DE0CFC5C
Magika	javascript
Reporter	burger
Tags:	GenesisStealer js payload

Intelligence

File Origin

# of uploads :

# of downloads :

134

Origin country :

Vendor Threat Intelligence

No detections

Detection(s):

SecuriteInfo.com.Script.SNH-gen.16738858.UNOFFICIAL

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69a15954c950ab5d9ab20946

Tags:

n/a

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

base64 obfuscated repaired

Link:

https://www.filescan.io/uploads/69a159ab9eaae84659402176/reports/1d7f062c-cae8-454b-975d-c7d7240e19ae/overview

Verdict:

Malicious

Labled as:

Trojan/JS.Obfuscated

Link:

https://www.hybrid-analysis.com/sample/fa83180ee18c87e91ab920252e77692e7849b03d8220ace614bd4620bc559bb8

Verdict:

Malicious

File Type:

Detections:

HEUR:Trojan-PSW.Script.Generic

Link:

https://opentip.kaspersky.com/fa83180ee18c87e91ab920252e77692e7849b03d8220ace614bd4620bc559bb8/results?tab=lookup

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/1875824

Signature

Multi AV Scanner detection for submitted file

Sigma detected: WScript or CScript Dropper

Behaviour

Behavior Graph:

Download SVG

Score:

97%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/fa83180ee18c87e91ab920252e77692e7849b03d8220ace614bd4620bc559bb8

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/fa83180ee18c87e91ab920252e77692e7849b03d8220ace614bd4620bc559bb8/

Verdict:

Malicious

Threat:

Trojan-PSW.Script

Link:

https://tip.neiki.dev/file/fa83180ee18c87e91ab920252e77692e7849b03d8220ace614bd4620bc559bb8

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2026-02-27 08:44:15 UTC

File Type:

Text (JavaScript)

AV detection:

5 of 24 (20.83%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=7kbrqdxbrsd6sgvzeass453jfz4etmb5qiqkzzquxvdcbpcvto4a._file

Result

Malware family:

n/a

Score:

3/10

Tags:

execution

Link:

https://tria.ge/reports/260227-kn1z9sav2h/

Behaviour

Command and Scripting Interpreter: JavaScript

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)