MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eab07cb53f0b0c53fdc826c6c07af11ece70245e3cb250c629bf34b0fde38055. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: eab07cb53f0b0c53fdc826c6c07af11ece70245e3cb250c629bf34b0fde38055
SHA3-384 hash: c537770b965e5974e0a848b9ab96aaa1ac80c1d0381687e96d3314b08b80da2a2e2884155525445824a7f767178f7684
SHA1 hash: 0f2cb75489eee9a6102ba3a236cdb14222febf95
MD5 hash: 38ef468258a062a17d7ebd917c9f08af
humanhash: wisconsin-magnesium-tennis-tango
File name:DHL delivery services.exe
Download: download sample
File size:1'035'776 bytes
First seen:2020-04-22 08:13:32 UTC
Last seen:2020-04-22 13:49:12 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 24576:zs8DOhJ2RQO07TWMnwkRw49J3MmiAs6C+A/xP:zdDO/2nkbXw49a1A++A/F
Threatray 162 similar samples on MalwareBazaar
TLSH 222501B86A487A63CD7C83B9E046014923F4FD7D54D5E79AA8D3B1EB25B3312E523207
Reporter Racco42
Tags:exe

Intelligence

File Origin
# of uploads :
4
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Artemis.27373.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-22 03:03:27 UTC
File Type:
PE (.Net Exe)
Extracted files:
19
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5kyhznj7bmgfh7oie3dma6xrd3hhajc6hszfbrrjx42lb7pdqbkq._file
Verdict:
unknown
Similar samples:
0208c252308b9e6ffe87ff38f47b3754520e09afc145e3fa49fc6920119c0ab1
3906afd9e6d7463f7d0886a54417f1c976bf647d96912340187a5851eaede2eb
5f298f29f101caea92cc338b2f54805748ca316c2f29c2d1a533c28105d93b4b
a55e0055555b9fd9a4434bd07b5f9b60b98f5e587b8fccdf4aabe2f55d3290ca
ad666104695e25301fea85ddfa1d6d947482e8b86187e11f91768cf75b0472b6
af1cf572150e95fd75306a13eb3d2306e1e1fb4ef6c238f53f30f2525389e07b
b96866f87f4e27d9e92908fe39a09bd95e88e07a57bdea110113a65e77979aee
df696f5fa3df8ce1eaca951cad491770b1d7aeb6e6326a360bcdb266f6d31620
e13cf5e6ff234c9b17ea31450b207f160df74b4cd0361a50b1122352a1750390
ef0e3fa0b391bdc3f8a6314ba3ca48cda4cea5a8e8e75f81681d70eaf4f3e39b
+ 152 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Executable exe eab07cb53f0b0c53fdc826c6c07af11ece70245e3cb250c629bf34b0fde38055

(this sample)

  
Delivery method
Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments