MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0cebe68cbe06a390acee24c33155bb1d9910d4edcb660d0d235ce2a4e3c643c5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gamaredon


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0cebe68cbe06a390acee24c33155bb1d9910d4edcb660d0d235ce2a4e3c643c5
SHA3-384 hash: 3800399824434bf361bc218205f8d8a52748172b9859b6b690de7b7fec6c85d12b21379fbc3e7bd04cc8137f6e3d6165
SHA1 hash: 6dd36351ad0a453c93315f6ba0819d6d8c2340b9
MD5 hash: 70a4235b82919949c185adb7b28baff3
humanhash: apart-island-butter-nevada
File name:0cebe68cbe06a390acee24c33155bb1d9910d4edcb660d0d235ce2a4e3c643c5.hta
Download: download sample
Signature Gamaredon
Create hunting rule
File size:8'160 bytes
First seen:2025-02-12 19:43:35 UTC
Last seen:Never
File type:HTML Application (hta) hta
MIME type:text/html
ssdeep 192:8PRySVgvD5Fh35KkFK5tIU7aTIyXhjOv2LoCv0Ef2x7JXG/+ya0NKJxPgVJ:8PDVgvDbh35KKKDIsyXhjSwv0tx7JXGP
TLSH T1F2F12B6FF8738244279914DA98A16E487E86011EF9B165E3F3C14363104B9F0BADE5FE
Magika txt
Reporter smica83
Tags:gamaredon hta

Intelligence

File Origin
# of uploads :
1
# of downloads :
95
Origin country :
HU HU
Vendor Threat Intelligence
Verdict:
Suspicious
Score:
50%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67acfa104f5583c4c4d87bbb
Tags:
overt spawn
Result
Verdict:
Malicious
File Type:
HTA File - Malicious
Link:
https://app.docguard.net/0cebe68cbe06a390acee24c33155bb1d9910d4edcb660d0d235ce2a4e3c643c5/results/dashboard
Payload URLs
URL
File name
https://www.ukr.net/
HTA File
Behaviour
BlacklistAPI detected
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
lolbin mshta
Link:
https://www.filescan.io/uploads/67acfa1541f6d21e6a3a4daa/reports/771ff617-37fb-42d2-87ee-32321201abc5/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/0cebe68cbe06a390acee24c33155bb1d9910d4edcb660d0d235ce2a4e3c643c5
Result
Verdict:
UNKNOWN
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
3 / 100
Link:
https://www.joesandbox.com/analysis/1613561
Behaviour
Behavior Graph:
n/a
Score:
4%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/0cebe68cbe06a390acee24c33155bb1d9910d4edcb660d0d235ce2a4e3c643c5
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0cebe68cbe06a390acee24c33155bb1d9910d4edcb660d0d235ce2a4e3c643c5/
Threat name:
Win32.Downloader.ShortSeek
Create hunting rule
Status:
Malicious
First seen:
2025-02-12 13:26:49 UTC
File Type:
Text (HTML)
Extracted files:
1
AV detection:
4 of 38 (10.53%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=btv6ndf6a2rzblhoetbtcvn3dwmrbvhnznta2djdltrkjy6gipcq._file
Result
Malware family:
n/a
Score:
  10/10
Tags:
discovery
Link:
https://tria.ge/reports/250212-yfwbpswnfn/
Behaviour
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
System Network Configuration Discovery: Internet Connection Discovery
Checks computer location settings
Blocklisted process makes network request
Downloads MZ/PE file
Malware Config
Dropper Extraction:
https://vehicle-terror-code-making.trycloudflare.com/SSU/dipRBX/partnerVdK.tif
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.70
Link:
https://yomi.yoroi.company/submissions/0cebe68cbe06a390acee24c33155bb1d9910d4edcb660d0d235ce2a4e3c643c5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments