MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 13787af8626a737ea71a2c8a800d009bb25e3f88d9e49982c8300e44f7d0eb24. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 8



SHA256 hash: 13787af8626a737ea71a2c8a800d009bb25e3f88d9e49982c8300e44f7d0eb24
SHA3-384 hash: af2e54917ca7e5d0dcd18b7b559409e05b56472bbcf21ec77fff45c580b9f27453f004b691c4b8d06ee61b9ce2a3c59e
SHA1 hash: 98ef54e2042ff67eeddfdecd4cc57ac18c571d08
MD5 hash: a9ab57de550cd4297644c97a8a695328
humanhash: vermont-august-louisiana-harry
File name: document.hta
File size: 7'369 bytes
First seen: 2025-12-28 13:11:19 UTC
Last seen: Never
File type: HTML Application (hta)
MIME type: text/html
ssdeep 192:OZyIE/CTK/eSrD0llHYoHsfOBro2Tc/ODSmy:OG/IYoHsfO2/B
TLSH T173E1C886ACF32518741B405DCFBEA2187069905B874ACD9CFDCC75A8DF4D2A89622FDC
TrID 80.6% (.HTM/HTML) HyperText Markup Language with DOCTYPE (12501/2/4); 19.3% (.HTML) HyperText Markup Language (3000/1/1)
Magika html
Reporter abuse_ch
Tags: hta

Intelligence


File Origin
# of uploads: 1
# of downloads: 53
Origin country: DE

Vendor Threat Intelligence

No detections

Result
Verdict: Malicious
File Type: HTA File - Malicious
Payload URLs
URL: https://yfdnzfa.com/?dn=life-captcha.com&pid=9PO755G95
File name: HTA File

Result
Threat name: n/a
Detection: malicious
Classification: spyw
Score: 52 / 100
Signature
Multi AV Scanner detection for submitted file
Opens network shares

Verdict: inconclusive
YARA: 2 match(es)
Tags: Html

Threat name: Document-HTML.Trojan.Redirector
Status: Malicious
First seen: 2025-12-28 13:12:15 UTC
File Type: Text (HTML)
Extracted files: 5
AV detection: 6 of 36 (16.67%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: discovery
Behaviour
System Location Discovery: System Language Discovery
Badlisted process makes network request

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: HTML Application (hta) 13787af8626a737ea71a2c8a800d009bb25e3f88d9e49982c8300e44f7d0eb24 (this sample)
Delivery method: Distributed via web download
