MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1c7b1f08d9808114e4df364c07da199341226684b4d4152a1541f97a7bb53686. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: 1c7b1f08d9808114e4df364c07da199341226684b4d4152a1541f97a7bb53686
SHA3-384 hash: b768ce0f1c8dd06b73b4d35e24c281ef32641d713f9cc4354add105bc7499fadd42a94194d682f84727e517582f7a7ae
SHA1 hash: 3779f235dfa141a64bd5359e658e01735e0acf8b
MD5 hash: 4a1f5565386b9b701c79efb02ee34720
humanhash: romeo-black-thirteen-oven
File name: ziy.hta
File size: 2'752 bytes
First seen: 2025-04-29 02:52:43 UTC
Last seen: 2025-04-29 15:05:22 UTC
File type: HTML Application (hta)
MIME type: text/html
ssdeep: 48:+mPpFgqr1JMqUtmtE9i6ePwjlpISVgLqfBnu1R8M7ioaxyi6C1wTMTf99FOEfwP:5Uh99eSrZVKYn+Rji1yiLl9B8
TLSH: T17B51C88C5CE1A19084525A97DD9FF0187449507B0348CC4DF2DCC0DA6FC8BA98B55FDE
TrID: 80.6% (.HTM/HTML) HyperText Markup Language with DOCTYPE (12501/2/4); 19.3% (.HTML) HyperText Markup Language (3000/1/1)
Magika: txt
Reporter: abuse_ch
Tags: hta

Intelligence


File Origin
# of uploads: 2
# of downloads: 82
Origin country: DE

Vendor Threat Intelligence

Result
Verdict: Malicious
File Type: HTA File - Malicious
Payload URLs
URL: http://ifdnzact.com/?dn=enoe.net&pid=9PO755G95
File name: HTA File

Result
Threat name: n/a
Detection: clean
Classification: n/a
Score: 1 / 100
Behaviour
Behavior Graph: n/a

Threat name: Script-JS.Trojan.Redirector
Status: Malicious
First seen: 2025-04-29 02:53:11 UTC
File Type: Text (HTML)
Extracted files: 4
AV detection: 5 of 24 (20.83%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour
System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
HTML Application (hta) 1c7b1f08d9808114e4df364c07da199341226684b4d4152a1541f97a7bb53686 (this sample)
Delivery method: Distributed via web download