MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e7ab3703410656cf1aa6cd7fcc4cc1fd3b3fcf02a9c662307aeb2474e900253c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	e7ab3703410656cf1aa6cd7fcc4cc1fd3b3fcf02a9c662307aeb2474e900253c
SHA3-384 hash:	137b0c6085d3ba0be86003db493e2af914bc2b4fa7dc12dc1634bc1bffca7b7ae2ae8576131ecedfb909356394d4a4f3
SHA1 hash:	ae4a0bf7c19f371962cf4467c5fe3727b5866a4e
MD5 hash:	a1926f1be8f67907ad0050b8b1b04e88
humanhash:	oranges-potato-white-delaware
File name:	greatknowledgewithbestfeel.hta
Download:	download sample
File size:	49'262 bytes
First seen:	2026-03-18 20:41:19 UTC
Last seen:	Never
File type:	hta
MIME type:	text/html
ssdeep	384:uas/tG/x1/0/Fn/l//jOVOQOaO+OZOxgOhOXOYO9STHfwb8yrv7:uZ8LcF/B7ItF9M0g+s78y/wb8yT7
TLSH	T104231A90D094ECE972182471C474B651B53D98FFA7BC6A09BC0FC2E7DB8DB124DDA282
Magika	txt
Reporter	James_inthe_box
Tags:	exe hta

Intelligence

File Origin

# of uploads :

# of downloads :

105

Origin country :

Vendor Threat Intelligence

No detections

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69bb0e2393b644ca466b7004

Tags:

xtreme shell sage

Result

Verdict:

Malicious

File Type:

HTA File - Malicious

Link:

https://app.docguard.net/e7ab3703410656cf1aa6cd7fcc4cc1fd3b3fcf02a9c662307aeb2474e900253c/results/dashboard

Payload URLs

URL

File name

http://104.168.5.54/133/givemebestthingsbrother.vbs

HTA File

Behaviour

BlacklistAPI detected

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

powershell powershell pterodo

Link:

https://www.filescan.io/uploads/69bb0e234ec2f522cc4e6a1a/reports/3156c051-c64a-4ed3-988b-3f33a6e7a1b0/overview

Verdict:

Malicious

Labled as:

VBS:Electryon.380

Link:

https://www.hybrid-analysis.com/sample/e7ab3703410656cf1aa6cd7fcc4cc1fd3b3fcf02a9c662307aeb2474e900253c

Result

Gathering data

Verdict:

Malicious

File Type:

html

Detections:

HEUR:Trojan-Downloader.Script.Generic HEUR:Trojan.HTA.SAgent.gen

Link:

https://opentip.kaspersky.com/e7ab3703410656cf1aa6cd7fcc4cc1fd3b3fcf02a9c662307aeb2474e900253c/results?tab=lookup

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/e7ab3703410656cf1aa6cd7fcc4cc1fd3b3fcf02a9c662307aeb2474e900253c

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e7ab3703410656cf1aa6cd7fcc4cc1fd3b3fcf02a9c662307aeb2474e900253c/

Verdict:

Malicious

Threat:

Trojan-Downloader.Script.SAgent

Link:

https://tip.neiki.dev/file/e7ab3703410656cf1aa6cd7fcc4cc1fd3b3fcf02a9c662307aeb2474e900253c

Threat name:

Script-WScript.Dropper.Electryon

Status:

Malicious

First seen:

2026-03-17 17:20:38 UTC

File Type:

Text (HTML)

Extracted files:

AV detection:

9 of 36 (25.00%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=46vtoa2bazlm6gvgzv74ytgb7u5t7tycvhdgemd25mshj2iaeu6a._file

Result

Malware family:

n/a

Score:

10/10

Tags:

discovery execution

Link:

https://tria.ge/reports/260318-zg3b3sc16s/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Checks computer location settings

Badlisted process makes network request

Command and Scripting Interpreter: PowerShell

Process spawned unexpected child process

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample