MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 11da62138e7f93ad21217e884246c2341e5ffc8faab0b5f6b02205ff08fc6122. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 11da62138e7f93ad21217e884246c2341e5ffc8faab0b5f6b02205ff08fc6122
SHA3-384 hash: 2c1bfed6732bb5d988b6aaa613c6557bf46c8d9fcf68ebbf6850dc0d241b318f6067d08e76af82f5586a4dda8bc9865c
SHA1 hash: c047b43e1323b947e0a6cf3e21782844dfda9622
MD5 hash: 4cf398fca676842261d53339315227f2
humanhash: lake-alpha-johnny-three
File name:gg2.hta
Download: download sample
File size:176 bytes
First seen:2025-08-31 07:58:37 UTC
Last seen:Never
File type:HTML Application (hta) hta
MIME type:text/html
ssdeep 3:qVZx/XMnkAqRAdu6/GY7voOn3QkdK4cdfONvMmRYHURVPR8TbDEHeZNp79kBbZWM:qzx/XnAqJm79gFlfOVMm+HURlST/uedG
TLSH T152C080DB4CB1C14354D09481DEE1E654D82551442545CDE399C8C57574047CB6D453DF
Magika html
Reporter abuse_ch
Tags:hta

Intelligence

File Origin
# of uploads :
1
# of downloads :
39
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Malicious
Score:
70%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68b400e9eb163e0ec1837b2f
Tags:
spawn blic sage
Result
Verdict:
Suspicious
File Type:
HTA File
Link:
https://app.docguard.net/11da62138e7f93ad21217e884246c2341e5ffc8faab0b5f6b02205ff08fc6122/results/dashboard
Payload URLs
URL
File name
https://block.cloud.lionic.com/blockpage/malicious.html?t=3&url=http://8.134.74.227/gg2.hta
HTA File
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/11da62138e7f93ad21217e884246c2341e5ffc8faab0b5f6b02205ff08fc6122
Verdict:
Unknown
File Type:
html
Link:
https://opentip.kaspersky.com/11da62138e7f93ad21217e884246c2341e5ffc8faab0b5f6b02205ff08fc6122/results?tab=lookup
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
1 / 100
Link:
https://www.joesandbox.com/analysis/1768408
Behaviour
Behavior Graph:
n/a
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/11da62138e7f93ad21217e884246c2341e5ffc8faab0b5f6b02205ff08fc6122
Verdict:
inconclusive
YARA:
2 match(es)
Tags:
Html
Link:
https://app.malva.re/file/4cf398fca676842261d53339315227f2
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/11da62138e7f93ad21217e884246c2341e5ffc8faab0b5f6b02205ff08fc6122/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=chngee4op6j22ijbp2eeerwcgqpf77epvkyll5vqeic76ch4mera._file
Result
Malware family:
n/a
Score:
  6/10
Tags:
adware defense_evasion discovery persistence ransomware spyware stealer trojan
Link:
https://tria.ge/reports/250831-jv6nnavpv4/
Behaviour
Modifies Internet Explorer settings
Modifies Internet Explorer start page
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
System Location Discovery: System Language Discovery
Checks whether UAC is enabled
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/11da62138e7f93ad21217e884246c2341e5ffc8faab0b5f6b02205ff08fc6122

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

HTML Application (hta) hta 11da62138e7f93ad21217e884246c2341e5ffc8faab0b5f6b02205ff08fc6122

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3594332/
  
Delivery method
Distributed via web download

Comments