MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c623597d841c947c485e221efc9318ee1d55e6e026f1b65e37242abb2ff0f60. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5c623597d841c947c485e221efc9318ee1d55e6e026f1b65e37242abb2ff0f60
SHA3-384 hash: 58569b46e31d443349716eaf8bd48a3776ecae2eea9836a4e0a86fc353e9b4f015be79ca4888c2e6b7bcb36aeefae1ba
SHA1 hash: f7be720a02aa5125c6e9a8e457c728d434121e08
MD5 hash: 2df2987abfa3ea274fce2b0b5b41cae8
humanhash: minnesota-bulldog-blossom-harry
File name:VoNJ8q.hta
Download: download sample
File size:4'416 bytes
First seen:2025-09-26 20:00:16 UTC
Last seen:2025-09-27 19:25:09 UTC
File type:HTML Application (hta) hta
MIME type:text/html
ssdeep 96:nItDJYtoAJS8ffKH1NPIX4rDIcQ0ucq4o5nZkh3ZzhVFI7BmaL:IVJYtoA1ffqzr/IcQ0ybkhUoaL
TLSH T1CD91F8757786306D8BE114EAA43BAB58763F9215340B8072DB7DFCD13C30A5B8096F99
Magika html
Reporter abuse_ch
Tags:hta

Intelligence

File Origin
# of uploads :
2
# of downloads :
34
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Script.SNH-gen.750.5370.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Script.SNH-gen.24114.12711.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
96.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68d77a4efb8bc5050e4f178d
Tags:
redirector virus spawn
Verdict:
Malicious
Labled as:
JS/Redirector.SWD trojan
Link:
https://www.hybrid-analysis.com/sample/5c623597d841c947c485e221efc9318ee1d55e6e026f1b65e37242abb2ff0f60
Verdict:
Clean
File Type:
html
Link:
https://opentip.kaspersky.com/5c623597d841c947c485e221efc9318ee1d55e6e026f1b65e37242abb2ff0f60/results?tab=lookup
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1785089
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Score:
2%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/5c623597d841c947c485e221efc9318ee1d55e6e026f1b65e37242abb2ff0f60
Verdict:
inconclusive
YARA:
2 match(es)
Tags:
Base64 Block Contains Base64 Block Html
Link:
https://app.malva.re/file/2df2987abfa3ea274fce2b0b5b41cae8
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5c623597d841c947c485e221efc9318ee1d55e6e026f1b65e37242abb2ff0f60/
Verdict:
Susipicious
Link:
https://tip.neiki.dev/file/5c623597d841c947c485e221efc9318ee1d55e6e026f1b65e37242abb2ff0f60
Threat name:
Script-JS.Trojan.Redirector
Create hunting rule
Status:
Malicious
First seen:
2025-09-26 20:16:37 UTC
File Type:
Text (HTML)
Extracted files:
1
AV detection:
13 of 38 (34.21%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lrrdlf6yiheupref4iq67sjrr3q5kxtoajxrwzpdojbkxmx7b5qa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/5c623597d841c947c485e221efc9318ee1d55e6e026f1b65e37242abb2ff0f60

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:html_auto_download_b64
Create hunting rule
Author:Tdawg
Description:html auto download

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

HTML Application (hta) hta 5c623597d841c947c485e221efc9318ee1d55e6e026f1b65e37242abb2ff0f60

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/69848/
  
Delivery method
Distributed via web download

Comments