Open-source atomic malware analysis

Analyze another

package/index.js

UNKNOWN
Verdict: SUSPICIOUS
SHA256: 1f7b28a203a45563eb516228ba2beda4810887717cc64c49ab8dd5fdcf9458e5 · 28%
Mal-ecule
O₃(CSXe)H₂(CmPo)
Size 546 B download
First seen 5 days ago
Analyzed 5 days ago
Ecosystem javascript

Found in 1 archive

Objectives

hostile severity, 95% confident.
command-and-control/dropper/delivery Fetch remote code and eval in memory
notable severity, 90% confident.
execution/interpreter/eval eval on decoded variable
notable severity, 75% confident.
supply-chain/hidden-payload eval() with dynamic argument
component severity, 95% confident.
anti-static/obfuscation/string Regex component marker
component severity, 90% confident.
supply-chain/credential-theft fetch marker for credential exfil

Micro-behaviors

notable severity, 80% confident.
communications/http/request fetch() API call (JavaScript)
notable severity, 70% confident.
process/interpreter eval() function call (raw)
baseline severity, 90% confident.
communications/http HTTPS protocol prefix
component severity, 80% confident.
crypto/symmetric/aes HTTP/HTTPS client request capability
component severity, 80% confident.
data/string JavaScript split() method call
component severity, 75% confident.
data/text/keywords HTTP verb keyword (post/fetch/request)
component severity, 84% confident.
fs/path Hidden directory path literal
component severity, 100% confident.
os/console JavaScript console object

Metadata

baseline severity, 95% confident.
lang JavaScript or TypeScript basename
component severity, 100% confident.
file Web asset file extension (css/html/js/json)
component severity, 97% confident.
file/text Validation vocabulary object
component severity, 100% confident.
lang/encoded JavaScript file basename
component severity, 80% confident.
package Short sidecar-sized source

Identity

SHA-256 1f7b28a203a45563eb516228ba2beda4810887717cc64c49ab8dd5fdcf9458e5
Filename package/index.js

Origin

Source forager
Feed aikido.dev
Ecosystem javascript

Timeline

First seen 13 Jun 2026 07:24 UTC
First analyzed 13 Jun 2026 07:24 UTC
Last analyzed 13 Jun 2026 07:24 UTC
Last updated 13 Jun 2026 07:24 UTC

Labeling

Label bad
Label source forager