MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb8a28149cfb7b73aba293a376165db94c3c2b4bffe59965997cc8978ae15686. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fb8a28149cfb7b73aba293a376165db94c3c2b4bffe59965997cc8978ae15686
SHA3-384 hash: f3aa49604308ccd3eaa81c512f172d6888f73fde9ba982db857c397a10ea2b4debc3fd9d73ebf32ab87b0a588e7bed73
SHA1 hash: 7b7cf26485128edb5a2b05ce83a3bffc390f8a57
MD5 hash: 05f37e62c283c4c4296a6146720576f6
humanhash: carpet-rugby-winner-alabama
File name:Cotización_pdf.js
Download: download sample
Signature MassLogger
Create hunting rule
File size:804'512 bytes
First seen:2026-06-10 06:08:56 UTC
Last seen:Never
File type:Java Script (JS) js
MIME type:text/plain
ssdeep 3072:Kk6+yk20iD5GQROX8d1c9FsTLVGaktKgGJx1tpoh2JPSQUaMnd8wG6r4FYIfb+/H:rchZu
Threatray 1'566 similar samples on MalwareBazaar
TLSH T17805C73DC914012EE576D629C44A052FF9D26A4F123CD90360CA6B5FAFA384677C73AE
TrID 66.6% (.TXT) Text - UTF-16 (LE) encoded (2000/1)
33.3% (.MP3) MP3 audio (1000/1)
Magika autohotkey
Reporter abuse_ch
Tags:js MassLogger

Intelligence

File Origin
# of uploads :
1
# of downloads :
118
Origin country :
SE SE
Vendor Threat Intelligence
No detections
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a28ffb1a15110463ee46020
Tags:
n/a
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
conhost masquerade powershell repaired
Link:
https://www.filescan.io/uploads/6a28ffb68161ac6cb55e43d0/reports/92739d68-19a5-4433-a16b-ea8052b02c4d/overview
Verdict:
Malicious
Labled as:
JS/Agent.URN trojan
Link:
https://www.hybrid-analysis.com/sample/fb8a28149cfb7b73aba293a376165db94c3c2b4bffe59965997cc8978ae15686
Verdict:
Malicious
File Type:
js
First seen:
2026-06-09T13:44:00Z UTC
Last seen:
2026-06-10T00:02:00Z UTC
Hits:
~1000
Detections:
PDM:Trojan.Win32.Generic HEUR:Trojan.Script.Generic
Link:
https://opentip.kaspersky.com/fb8a28149cfb7b73aba293a376165db94c3c2b4bffe59965997cc8978ae15686/results?tab=lookup
Result
Threat name:
n/a
Detection:
malicious
Classification:
troj.expl.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/1925578
Signature
Joe Sandbox ML detected suspicious sample
JScript performs obfuscated calls to suspicious functions
Multi AV Scanner detection for submitted file
Powershell scriptblock execution from environment variable
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Suspicious powershell command line found
Windows Scripting host queries suspicious COM object (likely to drop second stage)
WScript reads language and country specific registry keys (likely country aware script)
Behaviour
Behavior Graph:
Download SVG
Score:
72%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/fb8a28149cfb7b73aba293a376165db94c3c2b4bffe59965997cc8978ae15686
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fb8a28149cfb7b73aba293a376165db94c3c2b4bffe59965997cc8978ae15686/
Threat name:
Script-JS.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2026-06-09 20:01:31 UTC
File Type:
Text (JavaScript)
AV detection:
9 of 36 (25.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7ofcqfe47n5xhk5csorxmfs5xfgdyk2l77szszmzptejpcxbk2da._file
Verdict:
malicious
Label(s):
novastealer
Create hunting rule
Similar samples:
0f3dfd44c6bfa56485d6ac972acc0465e47e71afe0889ab83049ac0ee5bbf942
MassLogger
1919be5ba91f794f631b768ac505cd3d70da8c3eac1ea16ba1a412694176845d
MassLogger
38cdc9dad1bbefd14ea3e4f08dd721e11fe5b22bc8039b44714418a614c0f595
MassLogger
565a3493a68fd594074dd6dd2d379e44959d6f5d62dac865f683644d3ef4db3d
MassLogger
78c375d37aeceb5da37845f1f9a499c7a17390f686fe1ff7895cff41931e9ef3
MassLogger
7b13d7f29b1baf4deb469eb9b8ba3ed64061dc8614de31e5b04e272fdc4de900
MassLogger
ced40caee716f956a4db4d96f10daa8b80f6c30371f2490129b6cf212dcfd223
MassLogger
error
MassLogger
+ 1'556 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
family:masslogger collection defense_evasion execution persistence spyware stealer
Link:
https://tria.ge/reports/260610-gwv77sft9j/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
Accesses Microsoft Outlook profiles
Hide Artifacts: Hidden Window
Looks up external IP address via web service
Checks computer location settings
Registers new Windows logon scripts automatically executed at logon.
Badlisted process makes network request
Command and Scripting Interpreter: PowerShell
Downloads MZ/PE file
Family: MassLogger
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fb8a28149cfb7b73aba293a376165db94c3c2b4bffe59965997cc8978ae15686

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments