MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a28e588bfbe14eed1fc43eb5674bbb8b5960679f6b3605fdc9f049c5b2ba4b1e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a28e588bfbe14eed1fc43eb5674bbb8b5960679f6b3605fdc9f049c5b2ba4b1e
SHA3-384 hash: 5c780849e1648c703a32026fb6c70ec32bf29bdaebb1ba16dfb6f9d14577424f069fb250c4b0aab0ec6670abb8b71c9b
SHA1 hash: c0ea7b8eff9947aa8f1b8dc91cf0be42f0199f4a
MD5 hash: 1d3056bfd10e5b5cc4c4bc2f9ed2ad02
humanhash: fish-four-indigo-uranus
File name:hyirn.hta
Download: download sample
File size:480 bytes
First seen:2025-04-30 11:11:49 UTC
Last seen:Never
File type:HTML Application (hta) hta
MIME type:text/html
ssdeep 12:kxvsCk9cE3MbUT/XU1lJzQD8eQnbENkeGRE5p7RhYI:kbxb8/kZZRE5VRuI
TLSH T12DF0D4D30C9FCE4DF1E1384BCFE6610814CA005D14C4D878D5D4E4AC7D7528E9C0B824
Magika html
Reporter abuse_ch
Tags:hta

Intelligence

File Origin
# of uploads :
1
# of downloads :
128
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.JS.Redir-262.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
94.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68120849c8b2e86d0ac51d86
Tags:
blic sage hype
Result
Verdict:
Malicious
File Type:
HTA File - Malicious
Link:
https://app.docguard.net/a28e588bfbe14eed1fc43eb5674bbb8b5960679f6b3605fdc9f049c5b2ba4b1e/results/dashboard
Payload URLs
URL
File name
https://d.coka.la/hyirn.hta?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTc0NjAxODQ3MywiaWF0IjoxNzQ2MDExMjczLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIzMHRoODA1dHZhZ3ZkZGE3MmcwNTJqMG8iLCJuYmYiOjE3NDYwMTEyNzMsInRzIjoxNzQ2MDExMjczOTU2MDAyfQ.Xj89_v1hUKnOMrWmFpzJtTNz_tyrG17GoAo4rXpF-CA&sid=5d158262-25b3-11f0-a481-058965a39312');
HTA File
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
fingerprint obfuscated
Link:
https://www.filescan.io/uploads/68120586833df795debd5a97/reports/8e6db6e0-1711-4c71-a2bc-851752f34bfc/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/a28e588bfbe14eed1fc43eb5674bbb8b5960679f6b3605fdc9f049c5b2ba4b1e
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
2 / 100
Link:
https://www.joesandbox.com/analysis/1678087
Behaviour
Behavior Graph:
n/a
Score:
1%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/a28e588bfbe14eed1fc43eb5674bbb8b5960679f6b3605fdc9f049c5b2ba4b1e
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a28e588bfbe14eed1fc43eb5674bbb8b5960679f6b3605fdc9f049c5b2ba4b1e/
Threat name:
Document-HTML.Trojan.Redirector
Create hunting rule
Status:
Malicious
First seen:
2025-04-30 11:12:10 UTC
File Type:
Text (HTML)
Extracted files:
1
AV detection:
1 of 24 (4.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ukhfrc734fho2h6eh22wos53rnmwaz47nm3al7oj6be4lmv2jmpa._file
Result
Malware family:
n/a
Score:
  6/10
Tags:
defense_evasion discovery trojan
Link:
https://tria.ge/reports/250430-navswahn6y/
Behaviour
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Checks whether UAC is enabled
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a28e588bfbe14eed1fc43eb5674bbb8b5960679f6b3605fdc9f049c5b2ba4b1e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

HTML Application (hta) hta a28e588bfbe14eed1fc43eb5674bbb8b5960679f6b3605fdc9f049c5b2ba4b1e

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/68074/
  
Delivery method
Distributed via web download

Comments