MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 353be7f64ffa25bf3d8ea90b55b9b288633883f00f328841007f82324a37a4d7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 353be7f64ffa25bf3d8ea90b55b9b288633883f00f328841007f82324a37a4d7
SHA3-384 hash: 5543acc62b881797cdeada4e5f6769869455c16ba1e6969876a5080e642f5457024ae03b11b95ef512f13160b9d7374e
SHA1 hash: c4f38f77ef79cd4b44e1f6344f492281946fd707
MD5 hash: c36de042c317262fbeb25e0901e2441e
humanhash: december-sink-tennis-september
File name:Dhl shipment documents.exe
Download: download sample
File size:836'096 bytes
First seen:2020-07-07 05:05:17 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:UYj5+E9djzF1QU+BHtCObK/5kNs72PWsG6hAalwsqV9ZghRW5L3Boij5U2jDHLci:yU+xBqX5GqbZghE5LxoAiWDHglU
Threatray 1'183 similar samples on MalwareBazaar
TLSH 0405DF7132269EA3CA3E0CF4940034414FB56C97666DE3DD7CC260DB86E9FD08A966B7
Reporter jarumlus

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/21797/
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %AppData% directory
Creating a file in the %temp% directory
Launching a process
Creating a process with a hidden window
Deleting a recently created file
Unauthorized injection to a recently created process
Enabling autorun with Startup directory
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/353be7f64ffa25bf3d8ea90b55b9b288633883f00f328841007f82324a37a4d7/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-07 05:07:08 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gu56p5sp7is36pmovefvlonsrbrtra7qb4ziqqiap6bdesrxutlq._file
Verdict:
unknown
Similar samples:
1e1a825c158fefa17df9237a4be60bc99e1a2a42ded631c8636b6af668b1627f
50823ae6e2e1cdf7aeb3fa1e9398ef0f5f7c244d22e3a1fce261aa0836bd02bd
522611d9bc8c8a566e73a6c1126e01da0814748e422fce48805949c152408868
68cc2dbe766234de0ce7f8853b2526bc8fa7194c106f0cecd55683e297d3764f
7369dcfec21741f712f75662e29752b6a55fcacd1fbf76b9948d40b82e89b9a0
964e7b311e933799477fd793aa4e7721af35fe5c494fd9d995a6a620b162e516
98ec6884be9b64e2e37a37460bd3d8ca770f2ef2d1d5cd4b6321a01462c8d32b
bc58f26c79cc8330e384f602bd129a25103576a1520c5fbc2c27abef784ae1de
e50f294da86ca74a28ab00ef44e48d7c0374f4a33e2ed436f9a4ed4e6a01e9b9
f17f88079f997a584c219a64b4105b6f98a6356f16a557bc0328758655d8fb99
+ 1'173 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/200707-48crmtlh62/
Behaviour
Suspicious use of WriteProcessMemory
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

gz 9abf918e309be8c2e119d5cf521c49f37d8201ada3f5b59d5578ee2c250a60e2

Executable exe 353be7f64ffa25bf3d8ea90b55b9b288633883f00f328841007f82324a37a4d7

(this sample)

  
Dropped by
MD5 894dc578a38d790e064e589faef05167
  
Dropped by
SHA256 9abf918e309be8c2e119d5cf521c49f37d8201ada3f5b59d5578ee2c250a60e2
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/21797/

Comments