MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2d60eacee1a6de78a44dcf66220130c4422ebc12275943157c2ef321ab482510. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2d60eacee1a6de78a44dcf66220130c4422ebc12275943157c2ef321ab482510
SHA3-384 hash: 118e24786ebd096501e35e6b8a394ec91f969606238e53c9389d13eff65603447ba56b67d93de4d12495bd6514c1ee40
SHA1 hash: 03cbe1261cd740de762561287aa3dce7a7f1d094
MD5 hash: 7af6910dc9dc8fec35718e849c52e4e5
humanhash: mexico-nebraska-vegan-green
File name:DHL_DELIVERY_CONFIRMATION_CBJ0025032021068506.exe
Download: download sample
File size:1'042'944 bytes
First seen:2021-03-25 10:13:43 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 24576:WoZw/Ey7rQ3D0mqE+LLvi5PoMLbL5Zq0MZrECmBL7fGgI:WoZZy7aD0mqEai5PoM/L5ZrBL7X
Threatray 94 similar samples on MalwareBazaar
TLSH F725E03E066A6B27E57D87F588E50107F730A12A3186EB0D1CD213D51BA2753B98FA0F
Reporter abuse_ch
Tags:DHL exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: server.browcorp.com
Sending IP: 74.208.128.74
From: DHL Express <dhlmail-mailer01@dhl.com>
Subject: DHL Express Delivery Confirmation.
Attachment: DHL_DELIVERY_CONFIRMATION_CBJ0025032021068506.cab (contains "DHL_DELIVERY_CONFIRMATION_CBJ0025032021068506.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
114
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
DHL_DELIVERY_CONFIRMATION_CBJ0025032021068506.exe
Verdict:
Suspicious activity
Analysis date:
2021-03-25 10:45:03 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/6b1b743a-41e5-457b-8440-d141808428f0

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Dropper-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/653723
Signature
.NET source code contains very large strings
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2d60eacee1a6de78a44dcf66220130c4422ebc12275943157c2ef321ab482510/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-03-25 10:14:06 UTC
AV detection:
18 of 29 (62.07%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fvqovtxbu3phrjcnz5tceajqyrbc5pase5mugfl4f3zsdk2ieuia._file
Verdict:
unknown
Similar samples:
0a70b0923bbeabb1a48caaf2a3e37d81def85aeda662746bb782a4de7fecdb4a
2e96f7a6b4dd1d5251af4962a9028aac90c2ceb282495018c2d879ebf583f9ea
453a64df6bb4a9b5ef79d9e4d3b179869dcd6bb9b01a02be8289c04276e5483d
708ca97e578a8821640200bb5d9b030487b3159192eeda5aa20875bac0748f7d
a4470807c1518543552911cc3eaf6d9609e545ff44d961f32110166ff1c2b59c
bb574c82a945f3a4e13207edebea5c71f0ac8731745d915a05ca957a6964325d
bef454e332e2f3de22ad0612f8bc8ef70eac3809db0af6a2773e2d1d9bfecd3f
cfbf1e8483cddd75356dedc9630659fca435a94c522c43c9178c1114aa6423b3
eeb6d22ed65252b2e4a70098447a30d34267bac450ceef13ebbf2c896057924c
eee9ef1189886f11287b1db59eb13fba5c5f2b880e9fb744cafe15feed1f57b3
+ 84 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210325-1kdrz31m7s/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
2d60eacee1a6de78a44dcf66220130c4422ebc12275943157c2ef321ab482510
MD5 hash:
7af6910dc9dc8fec35718e849c52e4e5
SHA1 hash:
03cbe1261cd740de762561287aa3dce7a7f1d094
Link:
https://www.unpac.me/results/b4b70443-3d38-4653-9554-0bd200f0a65c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.38
Link:
https://yomi.yoroi.company/submissions/2d60eacee1a6de78a44dcf66220130c4422ebc12275943157c2ef321ab482510

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

cab d2d07e9c5da09defef5673c15b064877655787fac3daa6328cd95d3292068de3

Executable exe 2d60eacee1a6de78a44dcf66220130c4422ebc12275943157c2ef321ab482510

(this sample)

  
Dropped by
MD5 073e94dafe94009291aa2ef5e11bfe0f
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 d2d07e9c5da09defef5673c15b064877655787fac3daa6328cd95d3292068de3

Comments