MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments 2
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edca
SHA3-384 hash: 57fffb748e18913c5d24d73d53d42a38455dbdbebc05e087d254b961696bffa63a0445701728fb4274598d1c6123d86c
SHA1 hash: 543765b0bc0c31761f692d75752df24da6deb399
MD5 hash: 67717b3efb2620889fa51dd3ed0aee4d
humanhash: high-fruit-jersey-alpha
File name:Inv_98765467.hta
Download: download sample
File size:927 bytes
First seen:2021-02-15 18:13:42 UTC
Last seen:Never
File type:HTML Application (hta) hta
MIME type:text/html
ssdeep 24:hMNmMvy4GqptEIjb18qeefp8xuY8yu5y/Nnl88e/ZM8E4olEC:ImMqopOIjb1pfd4uc1yyt40F
TLSH AA1104A668C688847371C2E517E7E15DF553D18E61814D0C7644718BFF5934E42D3187
Reporter malwarelabnet

Intelligence

File Origin
# of uploads :
1
# of downloads :
105
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
UNKNOWN
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edca/
Threat name:
Script.Trojan.Alien
Create hunting rule
Status:
Malicious
First seen:
2021-02-11 04:36:04 UTC
AV detection:
5 of 47 (10.64%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edca

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HTML Application (hta) hta df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edca

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments


Avatar
malwarelabnet commented on 2021-02-15 19:26:46 UTC

450a7de27ed5ec3bf46cfd3d9880f377 Inv.exe
LuciferHTTP Botnet
https://app.any.run/tasks/1ac31609-4c1f-4b48-b85c-a1ad323e962a

Avatar
malwarelabnet commented on 2021-02-15 18:21:22 UTC

hta downloads
hxxps://www68.zippyshare.com/d/fk2Kgsi0/32300/Inv.exe
450a7de27ed5ec3bf46cfd3d9880f377 Inv.exe