MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 104be693d90bb024d60cfd27866a3802069bdd6ab673b737280f9b1e68b5b66f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 104be693d90bb024d60cfd27866a3802069bdd6ab673b737280f9b1e68b5b66f
SHA3-384 hash: cb5c1f58e4c513fed3c8615d3a9a1a2def94c49d66c024463da4e9b663cc4fb5bfe321ecc160fed86bf71ff392c8da81
SHA1 hash: 3a9bbb6b2fe4405927ac27564afd2e91de671898
MD5 hash: 0a10bf76fe9f974a98e0068c837a36ac
humanhash: item-summer-kansas-oranges
File name:document.hta
Download: download sample
File size:7'373 bytes
First seen:2025-12-25 12:06:17 UTC
Last seen:2025-12-30 09:28:22 UTC
File type:HTML Application (hta) hta
MIME type:text/html
ssdeep 192:OZWhIE/CTK/eY+k0llHYoHsfOBro2Tc/OaSmy:OUX/z+ZYoHsfO2/U
TLSH T1FAE1E796ACF32419741B405DCBBEA2187059905B870ACC9CFECC76A8DF4C6A49622FDC
TrID 80.6% (.HTM/HTML) HyperText Markup Language with DOCTYPE (12501/2/4)
19.3% (.HTML) HyperText Markup Language (3000/1/1)
Magika html
Reporter abuse_ch
Tags:hta youstarsbuilding-com

Intelligence

File Origin
# of uploads :
2
# of downloads :
54
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Verdict:
Clean
Score:
82.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=694d28f8038f10550b5588ad
Tags:
n/a
Result
Verdict:
Malicious
File Type:
HTA File - Malicious
Link:
https://app.docguard.net/104be693d90bb024d60cfd27866a3802069bdd6ab673b737280f9b1e68b5b66f/results/dashboard
Payload URLs
URL
File name
https://yfdnzfa.com/?dn=life-captcha.com&pid=9PO755G95
HTA File
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/694d28f6e126b9ff439105d8/reports/1f79e94b-2f5f-4df6-9170-fee82b992e2c/overview
Verdict:
Suspicious
Labled as:
Trojan/JS.Redirector
Link:
https://www.hybrid-analysis.com/sample/104be693d90bb024d60cfd27866a3802069bdd6ab673b737280f9b1e68b5b66f
Verdict:
Clean
File Type:
html
First seen:
2025-12-25T10:35:00Z UTC
Last seen:
2025-12-25T11:02:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/104be693d90bb024d60cfd27866a3802069bdd6ab673b737280f9b1e68b5b66f/results?tab=lookup
Result
Threat name:
n/a
Detection:
suspicious
Classification:
spyw
Score:
22 / 100
Link:
https://www.joesandbox.com/analysis/1839284
Signature
Opens network shares
Behaviour
Behavior Graph:
Download SVG
Score:
4%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/104be693d90bb024d60cfd27866a3802069bdd6ab673b737280f9b1e68b5b66f
Verdict:
inconclusive
YARA:
2 match(es)
Tags:
Html
Link:
https://app.malva.re/file/0a10bf76fe9f974a98e0068c837a36ac
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/104be693d90bb024d60cfd27866a3802069bdd6ab673b737280f9b1e68b5b66f/
Verdict:
Malicious
Threat:
Document-HTML.Trojan.Redirector
Link:
https://tip.neiki.dev/file/104be693d90bb024d60cfd27866a3802069bdd6ab673b737280f9b1e68b5b66f
Threat name:
Document-HTML.Trojan.Redirector
Create hunting rule
Status:
Malicious
First seen:
2025-12-25 12:07:20 UTC
File Type:
Text (HTML)
Extracted files:
5
AV detection:
8 of 24 (33.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cbf6ne6zboycjvqm7utym2ryaidjxxlkwzz3onzib6nr42fvwzxq._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery
Link:
https://tria.ge/reports/251225-n9v8pawncw/
Behaviour
System Location Discovery: System Language Discovery
Badlisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/104be693d90bb024d60cfd27866a3802069bdd6ab673b737280f9b1e68b5b66f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

HTML Application (hta) hta 104be693d90bb024d60cfd27866a3802069bdd6ab673b737280f9b1e68b5b66f

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3512331/
  
Delivery method
Distributed via web download

Comments