MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0c2d3bb028c729f96e4338566577cfd390b0ea6cb28684d807d379a6a6839fe6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 5

SHA256 hash: 0c2d3bb028c729f96e4338566577cfd390b0ea6cb28684d807d379a6a6839fe6
SHA3-384 hash: 05abb7d47338fa92f874fdfefe24ef3121a6d5fac43e6e88870daddcb2b6a835bee4424acafba9855f3cf65cfe0f6723
SHA1 hash: 0ce8512d930a1ad3077ae485a962d97be622c566
MD5 hash: 40ce0b5f077916ed9defb60809ab4b8e
humanhash: muppet-fourteen-solar-grey
File name: proforma invoice.7z
File size: 60'920 bytes
First seen: 2023-11-20 07:12:13 UTC
Last seen: Never
File type: 7z
MIME type: application/x-7z-compressed
ssdeep: 1536:XYMZHl+0TnDdwtpdeHaQb87HdBBYpxzYwIIFLRfQ3W/:XYGHQ0TDdQ7MCBBERYwIIXQi
TLSH: T14A5302D44D9EB1E6A3F783F3A13E86700FA249B225E739DD3C78184A7987F192150A19
TrID: 57.1% (.7Z) 7-Zip compressed archive (v0.4) (8000/1)
      42.8% (.7Z) 7-Zip compressed archive (gen) (6000/1)
Reporter: cocaman
Tags: 7z INVOICE


cocaman
Malicious email (T1566.001)
From: "xingfu.yang@lit-auto.com" (likely spoofed)
Received: "from lit-auto.com (unknown [185.222.57.136]) "
Date: "20 Nov 2023 06:25:39 +0100"
Subject: "Fwd: CNNKS - Linked Intelligent Technology Co. Ltd - Order from Aurus LLC"
Attachment: "proforma invoice.7z"
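The reporter's comment calls the From address "likely spoofed", which is consistent with the Received line: the delivering host introduced itself as lit-auto.com but the MTA recorded its reverse DNS as "unknown". The script below is an added example, not the reporter's or MalwareBazaar's code, that parses those headers and applies that reasoning, and also flags an archive attachment carrying an invoice-style lure name. It assumes the Postfix layout of the Received header ("from HELO (rDNS [ip])"); the MIME wrapper around the four quoted header values is constructed for the demo.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message. Only the four header values quoted in the
# reporter's comment are from the entry; the MIME wrapper and the tiny
# attachment body (the 7z magic 37 7A BC AF 27 1C plus a version word) are
# filler so that the message parses.
SAMPLE_MESSAGE = """\
From: xingfu.yang@lit-auto.com
Received: from lit-auto.com (unknown [185.222.57.136])
Date: 20 Nov 2023 06:25:39 +0100
Subject: Fwd: CNNKS - Linked Intelligent Technology Co. Ltd - Order from Aurus LLC
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="part"

--part
Content-Type: text/plain

Please find the proforma invoice attached.
--part
Content-Type: application/x-7z-compressed; name="proforma invoice.7z"
Content-Disposition: attachment; filename="proforma invoice.7z"
Content-Transfer-Encoding: base64

N3q8ryccAAQ=
--part--
"""

# Postfix writes a hop as "from <HELO name> (<reverse DNS> [<ip>])" and puts
# the literal word "unknown" where the client has no PTR record (or the PTR
# does not resolve back to the connecting address). Assumed MTA format.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[]+)\s+\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
)
ARCHIVE_EXT = (".7z", ".zip", ".rar", ".iso", ".img", ".gz", ".tar")
LURE_WORDS = ("invoice", "proforma", "order", "payment", "remittance")


def parse_received(value):
    """Return {'helo', 'rdns', 'ip'} for a Postfix-style Received hop, else None."""
    m = RECEIVED_RE.search(value)
    return m.groupdict() if m else None


def sender_domain(msg):
    """Domain part of the From: address, lower-cased ('' if absent)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def attachment_names(msg):
    """File names of all MIME parts marked Content-Disposition: attachment."""
    return [
        part.get_filename()
        for part in msg.walk()
        if part.get_filename() and part.get_content_disposition() == "attachment"
    ]


def triage(raw):
    """List the spoofing and lure indicators present in a raw RFC 822 message."""
    msg = message_from_string(raw)
    findings = []
    dom = sender_domain(msg)

    def in_domain(host):
        return host == dom or host.endswith("." + dom)

    for hop in msg.get_all("Received", []):
        r = parse_received(hop)
        if not r or not dom:
            continue
        helo, rdns = r["helo"].lower(), r["rdns"].lower()
        # The relay introduces itself as the sender's own domain ...
        if in_domain(helo):
            # ... but has no reverse DNS at all, or reverse DNS outside that
            # domain, so the HELO claim is unverified.
            if rdns == "unknown":
                findings.append(f"helo_claims_{dom}_no_rdns:{r['ip']}")
            elif not in_domain(rdns):
                findings.append(f"helo_claims_{dom}_rdns_mismatch:{rdns}")
    for name in attachment_names(msg):
        low = name.lower()
        if low.endswith(ARCHIVE_EXT) and any(w in low for w in LURE_WORDS):
            findings.append(f"archive_invoice_lure:{name}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_MESSAGE):
        print(finding)
```

A real message usually carries several Received hops; the loop scores each one, so a legitimate relay that identifies itself as mail.lit-auto.com with matching reverse DNS produces no finding, while the hop quoted above does.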

Intelligence


File Origin
# of uploads: 1
# of downloads: 109
Origin country: CH
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: proforma invoice.pdf
File size: 62'382 bytes
SHA256 hash: aa37c9834962ef744c594c5dc3c3c29f2636214a883539517ced0543743da548
MD5 hash: aeb68f698f88108260ca933385e865e9
MIME type: application/pdf
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details:
  Document With Few Pages: Document contains between one and three pages of content. Most malicious documents are sparse in page count.
  Document With Minimal Content: Document contains less than 1 kilobyte of semantic information.

Threat name: Win32.Trojan.ScarletFlash
Status: Malicious
First seen: 2023-11-20 07:12:15 UTC
File Type: Binary (Archive)
Extracted files: 3
AV detection: 8 of 23 (34.78%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: link pdf
Behaviour:
  Checks processor information in registry
  Modifies Internet Explorer settings
  Suspicious behavior: EnumeratesProcesses
  Suspicious behavior: GetForegroundWindowSpam
  Suspicious use of FindShellTrayWindow
  Suspicious use of SetWindowsHookEx
  Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.
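The vendor results above characterise the extracted PDF as a sparse document (one to three pages, under 1 KB of content) whose purpose is a link ("link pdf"). The following is an added example, not MalwareBazaar's or any vendor's code, of pulling those same indicators out of a PDF statically by scanning its raw bytes: page count, literal-string volume inside content streams, /URI action targets, and a quick check for active content. The one-page PDF and its URL are constructed placeholders (the real sample's link is not on this page), and the thresholds only approximate the vendor's wording.

```python
import re

# Constructed sample: a minimal one-page PDF whose only content is a link
# annotation, shaped like the "link pdf" the vendor tags describe. The URL is
# a placeholder, not the real sample's link.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Contents 4 0 R /Annots [5 0 R] >> endobj
4 0 obj << /Length 44 >> stream
BT /F1 12 Tf 72 700 Td (View invoice) Tj ET
endstream endobj
5 0 obj << /Type /Annot /Subtype /Link /Rect [72 690 200 712] /A << /S /URI /URI (http://invoice-portal.example/download) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# A PDF literal string: parenthesised, with backslash escapes inside.
PDF_STRING = rb"\((?:\\.|[^\\)])*\)"
URI_RE = re.compile(rb"/URI\s*(" + PDF_STRING + rb")")
PAGE_RE = re.compile(rb"/Type\s*/Page\b(?!s)")          # /Page, not /Pages
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
ACTIVE_RE = re.compile(rb"/(JavaScript|JS|Launch|OpenAction|AA)\b")


def _unescape(lit):
    """Strip the parentheses and undo the two escapes that matter for URLs."""
    return lit[1:-1].replace(b"\\(", b"(").replace(b"\\)", b")").decode("latin-1")


def pdf_uris(data):
    """All /URI action targets found in the raw bytes."""
    return [_unescape(m.group(1)) for m in URI_RE.finditer(data)]


def pdf_page_count(data):
    """Number of /Type /Page objects visible in the raw bytes."""
    return len(PAGE_RE.findall(data))


def pdf_text_bytes(data):
    """Bytes of literal strings inside content streams: a crude 'semantic content' size."""
    return sum(
        len(s)
        for stream in STREAM_RE.finditer(data)
        for s in re.findall(PDF_STRING, stream.group(1))
    )


def triage_pdf(data):
    """Indicators in the spirit of the vendor verdict; thresholds are assumptions."""
    findings = []
    pages = pdf_page_count(data)
    if 0 < pages <= 3:
        findings.append(f"few_pages:{pages}")
    if pdf_text_bytes(data) < 1024:
        findings.append("minimal_content")
    findings += [f"uri:{u}" for u in pdf_uris(data)]
    if ACTIVE_RE.search(data):
        findings.append("active_content")
    return findings


if __name__ == "__main__":
    for finding in triage_pdf(SAMPLE_PDF):
        print(finding)
```

Scanning raw bytes sees nothing inside /FlateDecode-compressed streams or /ObjStm object streams, which is where a real lure PDF usually keeps its annotations; inflate those with zlib (or run a proper PDF parser) before applying the same regexes, and treat the page count as a lower bound.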

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via e-mail attachment
