MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ff6bc22eb4abe070bf83a80f53e42fffe709de1b58d54a5a31e27656001e46ae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ff6bc22eb4abe070bf83a80f53e42fffe709de1b58d54a5a31e27656001e46ae
SHA3-384 hash: 580640e2996b44a8e452ef54bc41152f2e15219c45b95ad98aa8fb0ae7625cd576727c839d7e2550b01ba2953c824839
SHA1 hash: faee3fe96e9e08b974e5f938b6147526fcb5b983
MD5 hash: cd0e9c3553a4db320e04ce656956a0eb
humanhash: winter-yankee-queen-angel
File name:PROFORMA INV RAFEEQ TRADING #270427.js
Download: download sample
File size:801'684 bytes
First seen:2026-06-09 06:16:42 UTC
Last seen:Never
File type:Java Script (JS) js
MIME type:text/plain
ssdeep 3072:uqHZIoLYsbA5Ij+JcS2gGJsdvbkDpyzonNFXh0AumWdS+uXROQgT0SYf8lVxa74z:rTAmSRv
TLSH T11705E93DDC24822EE132C618C59A085FF896294B522CE95760C3375F5EA3847B7D37AE
TrID 66.6% (.TXT) Text - UTF-16 (LE) encoded (2000/1)
33.3% (.MP3) MP3 audio (1000/1)
Magika txt
Reporter JAMESWT_WT
Tags:80-66-84-51 js sergiotrabuccocineasta-com Spam-ITA


Avatar
JAMESWT_WT
hXXps://sergiotrabuccocineasta.com/3456789.exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
91
Origin country :
IT IT
Vendor Threat Intelligence
No detections
Detection(s):
SecuriteInfo.com.JS.Starter.169.1642.4904.UNOFFICIAL
Create hunting rule

Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a27affe3e9eff6a6b68f3e9
Tags:
n/a
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
base64 conhost exploit obfuscated powershell repaired
Link:
https://www.filescan.io/uploads/6a27afff3d2a0c6df8ea0695/reports/c1d98879-11ae-4fa9-9269-9684c4a4e28e/overview
Verdict:
Malicious
Labled as:
JS/Agent.URN trojan
Link:
https://www.hybrid-analysis.com/sample/ff6bc22eb4abe070bf83a80f53e42fffe709de1b58d54a5a31e27656001e46ae
Verdict:
Malicious
File Type:
js
First seen:
2026-06-08T20:54:00Z UTC
Last seen:
2026-06-09T03:14:00Z UTC
Hits:
~1000
Link:
https://opentip.kaspersky.com/ff6bc22eb4abe070bf83a80f53e42fffe709de1b58d54a5a31e27656001e46ae/results?tab=lookup
Score:
71%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/ff6bc22eb4abe070bf83a80f53e42fffe709de1b58d54a5a31e27656001e46ae
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ff6bc22eb4abe070bf83a80f53e42fffe709de1b58d54a5a31e27656001e46ae/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=75v4elvuvpqhbp4dvahvhzbp77tqtxq3ldkuuwrr4j3fmaa6i2xa._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
defense_evasion execution
Link:
https://tria.ge/reports/260609-g2a48aet9q/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
Obfuscated Files or Information: Command Obfuscation
Checks computer location settings
Badlisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ff6bc22eb4abe070bf83a80f53e42fffe709de1b58d54a5a31e27656001e46ae

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments