Obfuscated JavaScript or Nothing, (Thu, Apr 9th)

Friday, April 10, 2026 at 06:40 AM UTC·Source: SANS ISC

Updated: Friday, April 10, 2026 at 06:47 AM UTC

Executive Summary

I spotted an interesting piece of JavaScript code that was delivered via a phishing email in a RAR archive. The file was called âcbmjlzan.JSâ (SHA256:a8ba9ba93b4509a86e3d7dd40fd0652c2743e32277760c5f7942b788b74c5285) and is only identified as malicious by 15 AV&#x27s on VirusTotal[1].

Analysis

Indicators of Compromise (1)

SHA-256 (1)

a8ba9ba93b4509a86e3d7dd40fd0652c2743e32277760c5f7942b788b74c5285

VirusTotal AnyRun Joe Sandbox

Source Attribution

Originally published by SANS ISC on Apr 10, 2026.

Related Threats

LOWPhishing

Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing

In embracing device code phishing, attackers trick victims into handing over account access by using a service's legitimate new-device login flow.

Apr 17, 2026Dark Reading

CRITICALZero Day

We beat Google’s zero-knowledge proof of quantum cryptanalysis

<p>Two weeks ago, Google’s Quantum AI group <a href="https://research.google/blog/safeguarding-cryptocurrency-by-disclosing-quantum-vulnerabilities-responsibly/">published</a> a zero-knowledge proof of a quantum circuit so optimized, they concluded that first-generation quantum computers will break elliptic curve cryptography keys in as little as 9 minutes. Today, Trail of Bits is publishing our o

Apr 17, 2026Trail of Bits

LOWAi

ClickFix Phishing Campaign Masquerading as a Claude Installer

Overview It is no secret that phishing campaigns utilizing various ClickFix techniques have been a commonly used method of social engineering . One of the main reasons for this is simply because they work. You know this and Rapid7 does as well. As a company offering managed detection and response (MDR), our customers expect us to be knowledgeable about and able to detect attacks as common as Click

Apr 16, 2026Rapid7