MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0fd3945412f9f82786f2cacac0dada44c5d740350a0c223f8b8560987a368805. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0fd3945412f9f82786f2cacac0dada44c5d740350a0c223f8b8560987a368805
SHA3-384 hash: 97cda0a450a72f399791f13848d98dd108640f3ecd2fc207a704926a714397b2edd985c52504c72f05490aad0434fdd3
SHA1 hash: 486c9fd7e49e717e510a3848189f2299809a604e
MD5 hash: 6dbc7334bc44c8a97502ba038b95ae93
humanhash: cola-virginia-london-earth
File name:AWB - Invoice And Shipping Documents.exe
Download: download sample
File size:1'292'288 bytes
First seen:2021-01-08 19:04:52 UTC
Last seen:2021-01-08 20:28:34 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'662 x AgentTesla, 19'475 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 24576:J5FGJblHVZ21WspU2DxE4g8VORTUGfySTs8OpS9We1Rn:4RbZ8WsKSJgRw6s1S91Rn
Threatray 13 similar samples on MalwareBazaar
TLSH 4955D070A3A46B5BE07DA37D5168400497F1D509EB1AFBB9FED510FA0581F80CAB8A73
Reporter abuse_ch
Tags:exe HostGator


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: gateway23.websitewelcome.com
Sending IP: 192.185.50.107
From: info@good-shepherd-ministries.org
Subject: AWB N0: 3029****6411 ready for pick-up
Attachment: AWB - Invoice And Shipping Documents.gz (contains "AWB - Invoice And Shipping Documents.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
180
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
AWB - Invoice And Shipping Documents.exe
Verdict:
No threats detected
Analysis date:
2021-01-08 19:07:01 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/743cd63e-cc3b-4b45-a51f-86e17aa5e499

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/111076/
Detection(s):
SecuriteInfo.com.HEUR.AGEN.1138642.31707.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/577102
Signature
Antivirus / Scanner detection for submitted sample
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0fd3945412f9f82786f2cacac0dada44c5d740350a0c223f8b8560987a368805/
Threat name:
ByteCode-MSIL.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2021-01-08 10:57:28 UTC
AV detection:
13 of 28 (46.43%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=b7jzivas7h4cpbxszlfmbww2itc5oqbvbigcep4lqvqjq6rwracq._file
Verdict:
unknown
Similar samples:
170e7582bfe11285c88fe6197b4a50a466a3f84465b8d73a1dbd0f79c90d9306
48cec3239b87cae63ce7f7a0c5b1b0ff2a21a6bfb9542a9ced8e015e99ae6ab2
61079c74aff96424d4b6d794636faa4d7bfd9df2ba67a506164d4168ca6bb234
6b24da236543d38133dc41cadcf3dea51bc290479b3d669031a2c8668a620648
ae56d57584819808e38b6b430dd066a14cc036cec568a0832de08e3f65bccc87
b612173e75cc939bb718725850a57a1487095d863db268758b5ee0bf2463f89d
ceaa237a1cecea60118cad22275777cfa4ff64ea121d317d7e32ab3df4e10412
e8b4d9d1b29d05b29c9a9fcf170748418899cc2438901a69b4f9f0a31e602ffc
f0e0f6dc0ab4b552d2e5fd7053c5c57c7e6c6f21a11fe34da5fd9a01f0b24753
fa2fea7b2c7e6d02c40890b178133c0c21e6e1182c170c09de4550e85c98e67f
+ 3 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210108-x7gpfh3dg6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
296620e9308a1069ca98d27c426f25f5c1f87d9240bb371c657571034b0261b5
MD5 hash:
4cf24d41a7882216740280e3294cb853
SHA1 hash:
6bcb31d3dc0a7d71da1067a628168664202769a4
Link:
https://www.unpac.me/results/7be581b3-5916-44b0-addc-3d9d126702bc/
SH256 hash:
0fd3945412f9f82786f2cacac0dada44c5d740350a0c223f8b8560987a368805
MD5 hash:
6dbc7334bc44c8a97502ba038b95ae93
SHA1 hash:
486c9fd7e49e717e510a3848189f2299809a604e
Link:
https://www.unpac.me/results/7be581b3-5916-44b0-addc-3d9d126702bc/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.90
Link:
https://yomi.yoroi.company/submissions/0fd3945412f9f82786f2cacac0dada44c5d740350a0c223f8b8560987a368805

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

gz bb525d41fc8c040d775398d851a398ee397b2725a3821218976ff9a6b0c4e5a1

Executable exe 0fd3945412f9f82786f2cacac0dada44c5d740350a0c223f8b8560987a368805

(this sample)

  
Dropped by
MD5 f1abfc6aada4a741852202c7e6cd92d0
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 bb525d41fc8c040d775398d851a398ee397b2725a3821218976ff9a6b0c4e5a1
Cape
Cape
https://www.capesandbox.com/analysis/111076/

Comments