MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb19dd60cf30e2c61634df2042c588f84882097e142d9e7b4ab1faebb974338a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: fb19dd60cf30e2c61634df2042c588f84882097e142d9e7b4ab1faebb974338a
SHA3-384 hash: 980a9fe4318317d5dd9d7ab661ee46b38f4dae8c06e40431ec04e8816d0d95c3bea48859cb0adc29b2759d1379172e90
SHA1 hash: 6c6109597e7fb22b900239170882c4dc00f559c3
MD5 hash: 29f024cdac59d0f08da3c4cd5cb77f35
humanhash: mars-colorado-idaho-north
File name: 6c6109597e7fb22b900239170882c4dc00f559c3
File size: 17'068 bytes
First seen: 2023-07-08 08:46:57 UTC
Last seen: 2023-07-08 10:50:49 UTC
File type: Java Script (JS) js
MIME type: text/plain
ssdeep: 384:kJ9TMXhmfn5ECkBQXKtwSrwLTps67M5Wf/JlJ8GlqaxUrRvTucG:69oXhmf5oBQXOhrwLp3JlSGlqaCRTY
TLSH: T16472FA769E53FDD06BFE3A50A8043D913C983A2BC774156CFFC9085728E5244DB2E998
Reporter: JAMESWT_WT
Tags: 91-213-50-74 js

Intelligence


File Origin
# of uploads: 2
# of downloads: 296
Origin country: IT
Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: obfuscated

Result
Verdict: MALICIOUS
Details
Base64 Encoded Powershell Directives
Detected one or more base64 encoded Powershell directives.

Threat name: ByteCode-MSIL.Trojan.Zusy
Status: Malicious
First seen: 2023-05-20 21:41:00 UTC
File Type: Text
AV detection: 10 of 38 (26.32%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Java Script (JS) js fb19dd60cf30e2c61634df2042c588f84882097e142d9e7b4ab1faebb974338a

(this sample)

  
Delivery method
Distributed via web download
