atomdrift labBETA

Open-source atomic malware analysis

Analyze another

v018-axios-cdntest-1.0.2.tgz

NPM

HOSTILE

75d203f0cec8ff16969967c3841d243b1166a3049f788e9ebd6160f2705f3260 · 100%

Mal-ecule

O₄(As₂ErI₃Eu)H₃(Db₂Cm₇U)Md(Pa₅)

Size 11.9 KB download

First seen 7 days ago

Analyzed 7 days ago

Ecosystem javascript

Source registry.npmjs.org

Objectives

anti-static/obfuscation/encoding Encoded eval() call

evasion/masquerade HTTP POST claims form encoding but sends base64 body

impact/cryptojacking Mining pool domain pattern (pool/mining/mine)

impact/cryptojacking/miner Monero wallet mining context

exfiltration/oob webhook.site OOB service

Micro-behaviors

data/encode JavaScript cyclic XOR pattern (e.g. key[i %

communications/http Regex-searches cookies via document.cookie.match

communications/http/client Dynamically loads script element

communications/http/request XMLHttpRequest network client creation

communications/http/services Browser sendBeacon telemetry

data/control-flow Loop variable incremented by a variable step

ui/window/manage Creates script DOM element

data/source/syntax XOR bitwise operator in expression

data/string JavaScript substring search call

os/random/prng Math.random invocation

Metadata

package Package has publishing configuration

package/fields Package explicitly lists published files

encoded-payload Decoded unicode-escape content

lang new Promise() usage marker

library Minified webpack module-factory invocation

20 of 57 traits shown

Objectives

anti-static/obfuscation/encoding Encoded eval() call

evasion/masquerade HTTP POST claims form encoding but sends base64 body

impact/cryptojacking Mining pool domain pattern (pool/mining/mine)

impact/cryptojacking/miner Monero wallet mining context

exfiltration/oob webhook.site OOB service

Micro-behaviors

data/encode JavaScript cyclic XOR pattern (e.g. key[i %

communications/http Regex-searches cookies via document.cookie.match

communications/http/client Dynamically loads script element

communications/http/request XMLHttpRequest network client creation

communications/http/services Browser sendBeacon telemetry

data/control-flow Loop variable incremented by a variable step

ui/window/manage Creates script DOM element

data/source/syntax XOR bitwise operator in expression

data/string JavaScript substring search call

os/random/prng Math.random invocation

Metadata

package Package has publishing configuration

package/fields Package explicitly lists published files

encoded-payload Decoded unicode-escape content

lang new Promise() usage marker

library Minified webpack module-factory invocation

20 of 57 traits shown

Identity

SHA-256	75d203f0cec8ff16969967c3841d243b1166a3049f788e9ebd6160f2705f3260
Canonical SHA-256	68ca1c801b60f550147c9c8ba54a952c223077c93cd845ef1815ec25f7fa7553
Filename	v018-axios-cdntest-1.0.2.tgz
Package	v018-axios-cdntest
Version	1.0.2

Origin

Source	forager
Feed	aikido.dev
Ecosystem	javascript
Domain	npmjs.org
URL	https://registry.npmjs.org/v018-axios-cdntest/-/v018-axios-cdntest-1.0.2.tgz

Timeline

First seen	9 Jun 2026 16:04 UTC
First analyzed	9 Jun 2026 16:34 UTC
Last analyzed	9 Jun 2026 16:34 UTC
Last updated	9 Jun 2026 16:34 UTC

Labeling

Label	bad
Label source	forager
Traits version	6c97d

Not seeing what you expected? Let us know