MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6c70febafc3b9f585d816fadd33baa0c54303156f3b985bf7187f01509c1fa4a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6c70febafc3b9f585d816fadd33baa0c54303156f3b985bf7187f01509c1fa4a
SHA3-384 hash: faab778ecf11a04d7386a14c036cb4b01a8e724afe04127ed20c3421cb25ddf7174d86ff84b67cb84e9c7b3c64d294a3
SHA1 hash: 409f350567178574fb895b056d6906013b387380
MD5 hash: ae25a1071964270faeff9198dd503ab1
humanhash: hamper-friend-kitten-johnny
File name:6c70febafc3b9f585d816fadd33baa0c54303156f3b985bf7187f01509c1fa4a.hta
Download: download sample
File size:49'503 bytes
First seen:2026-03-24 06:52:37 UTC
Last seen:Never
File type:HTML Application (hta) hta
MIME type:text/html
ssdeep 192:Zc4ve186G3e1Yc4ygybgMvF5vTg8e1/e1Svc46tA00Q0e1Be1tc4qc4Ve1q:e4mf94ZX2+TWR4h00Qrgi4H4kq
TLSH T11123E8B889C91CC54696E0285C9F8C3CDC814D1BD90DF627F9CD64E2CF227A52BA679C
Magika html
Reporter JAMESWT_WT
Tags:45-61-149-150 hta

Intelligence

File Origin
# of uploads :
1
# of downloads :
37
Origin country :
IT IT
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Score:
94.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69c234df390b996474132b5c
Tags:
xtreme shell sage
Result
Verdict:
Malicious
File Type:
HTA File - Malicious
Link:
https://app.docguard.net/6c70febafc3b9f585d816fadd33baa0c54303156f3b985bf7187f01509c1fa4a/results/dashboard
Payload URLs
URL
File name
http://45.61.149.150/44/withbestprojectaroundtheworldformebestthings.js
HTA File
Behaviour
BlacklistAPI detected
Gathering data
Verdict:
Malicious
Labled as:
VBS:Electryon.380
Link:
https://www.hybrid-analysis.com/sample/6c70febafc3b9f585d816fadd33baa0c54303156f3b985bf7187f01509c1fa4a
Result
Gathering data
Verdict:
Malicious
File Type:
html
Detections:
HEUR:Trojan-Downloader.Script.Generic HEUR:Trojan.HTA.SAgent.gen
Link:
https://opentip.kaspersky.com/6c70febafc3b9f585d816fadd33baa0c54303156f3b985bf7187f01509c1fa4a/results?tab=lookup
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/6c70febafc3b9f585d816fadd33baa0c54303156f3b985bf7187f01509c1fa4a
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6c70febafc3b9f585d816fadd33baa0c54303156f3b985bf7187f01509c1fa4a/
Verdict:
Malicious
Threat:
Trojan-Downloader.Script.SAgent
Link:
https://tip.neiki.dev/file/6c70febafc3b9f585d816fadd33baa0c54303156f3b985bf7187f01509c1fa4a
Threat name:
Script-WScript.Dropper.Electryon
Create hunting rule
Status:
Malicious
First seen:
2026-03-20 16:01:58 UTC
File Type:
Text (HTML)
Extracted files:
1
AV detection:
9 of 36 (25.00%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nryp5ox4hopvqxmbn6w5go5kbrkdamkw6o4ylp3rq7ybkcob7jfa._file
Result
Malware family:
n/a
Score:
  10/10
Tags:
discovery execution
Link:
https://tria.ge/reports/260324-hnpwwsfs2l/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Checks computer location settings
Badlisted process makes network request
Command and Scripting Interpreter: PowerShell
Process spawned unexpected child process
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/6c70febafc3b9f585d816fadd33baa0c54303156f3b985bf7187f01509c1fa4a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

HTML Application (hta) hta 6c70febafc3b9f585d816fadd33baa0c54303156f3b985bf7187f01509c1fa4a

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3803936/
  
Delivery method
Distributed via web download

Comments