MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4394c347c4a2ebb9b5db21abbfbbd25b8280e623f3f7a0445afe9fed9eda877e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 8



SHA256 hash: 4394c347c4a2ebb9b5db21abbfbbd25b8280e623f3f7a0445afe9fed9eda877e
SHA3-384 hash: f3c0c7701d8c01e4c8f94262dc1a7c8280288cbc7f92857400bd74d5d388736cc416db36e4f745f1edbe05544070d7d6
SHA1 hash: 4f218f53751f95464cb879102256cde68e97c803
MD5 hash: f31e9446266ebdc21c99524a37633a2f
humanhash: island-jersey-coffee-johnny
File name: 4394c347c4a2ebb9b5db21abbfbbd25b8280e623f3f7a0445afe9fed9eda877e.html
File size: 211'705 bytes
First seen: 2026-03-10 12:50:06 UTC
Last seen: Never
File type: html
MIME type: text/html
ssdeep 6144:FHPsZpSr6pOyfTQiwkFwSMQX4wMc+d5q1:VPsZpm6pOkPwkFw7QIwMBno
TLSH T14924A41BF03719B425406E88AD2325E79ECCD0529BB0327066EDE6EFC47E87860D9677
TrID 80.6% (.HTM/HTML) HyperText Markup Language with DOCTYPE (12501/2/4)
19.3% (.HTML) HyperText Markup Language (3000/1/1)
Magika html
Reporter smica83
Tags: html UKR

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: HU
Vendor Threat Intelligence
No detections
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: pterodo
Result
Threat name: n/a
Detection: malicious
Classification: phis
Score: 68 / 100
Signature
AI detected malicious page (phishing or scam)
Downloads suspicious files via Chrome
Large href element pointing to data found
Malicious sample detected (through community Yara rule)
Potential malicious VBS script found (has network functionality)
Behaviour
[Behavior graph image. Behavior Graph ID: 1881219, Sample: 77U8TR69Qu.html, Startdate: 10/03/2026, Architecture: WINDOWS, Score: 68]
Threat name: Win32.Trojan.Etset
Status: Malicious
First seen: 2026-03-10 12:50:39 UTC
File Type: Text (HTML)
AV detection: 7 of 24 (29.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

html 4394c347c4a2ebb9b5db21abbfbbd25b8280e623f3f7a0445afe9fed9eda877e

(this sample)
