One calm evening, I was browsing MalwareBazaar and saw a bunch of submissions belonging to the malware family "PhantomStealer": EXE, ZIP, JS, BAT, PS1, XLSX, HTA... Seems interesting... ELG_RFQ_3751897.js SHA256: 6c0f5796eef37c032ba6b5712d056f9e9191f9d950b3debbdcee9728c5fd0860 I chose the newest JS Submission, as I was hoping for an interesting chain