MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4466a4c7880759617b93daf49193912955c1d7dffaebec346b3efc1fe6f2fff6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	4466a4c7880759617b93daf49193912955c1d7dffaebec346b3efc1fe6f2fff6
SHA3-384 hash:	4439e771762cbb02737d2bbf1eb1b7fb17cf5fd156d5cddcee571193056413897635b2cbb46c106f1d6588bf7c6b0589
SHA1 hash:	87b736d3364e159be5ac56c6f1435efbf5f21365
MD5 hash:	e0217230930581077f641f1f86425511
humanhash:	winner-london-golf-papa
File name:	Invoice & Packing List.7z
Download:	download sample
Signature	PureCrypter Alert Create hunting rule
File size:	26'780 bytes
First seen:	2023-12-20 07:09:28 UTC
Last seen:	Never
File type:	7z
MIME type:	application/x-7z-compressed
ssdeep	768:FrRu7DRxEhd5Y6pP6o5lahIF/AqHIP+fcL:FYHTE7xPT5lOpqoP+fO
TLSH	T13CC2E19542804BCDC0FA98E2015160DCA4B2D6E6FC77EF9D291E868CD99477E80E978D
TrID	57.1% (.7Z) 7-Zip compressed archive (v0.4) (8000/1) 42.8% (.7Z) 7-Zip compressed archive (gen) (6000/1)
Reporter	cocaman
Tags:	7z INVOICE purecrypter

cocaman

Malicious email (T1566.001)
From: ""Chen Jiaxin Cheney" <jiaxinchen@gearsnet.com>" (likely spoofed)
Received: "from gearsnet.com (unknown [154.127.53.128]) "
Date: "19 Dec 2023 19:49:14 -0800"
Subject: "New Chinese Supplier"
Attachment: "Invoice & Packing List.7z"

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

123

Origin country :

CH

File Archive Information

This file archive contains 2 file(s), sorted by their relevance:

Relevant files 2

File name:	Invoice & Packing List.com
File size:	68'144 bytes
SHA256 hash:	687ca6a1b57ec59f97a51f30b3029bde22cceb83cdc43c5416d8d049a854e906
MD5 hash:	0bf4354b3e06a1bf455a6b84757c0def
MIME type:	application/x-dosexec
Signature	PureCrypter

File name:	32512
File size:	20 bytes
SHA256 hash:	6eb54801f91b6d8effccbfaefe6b2d7705a274a75940e6226e24e0d4ec58c396
MD5 hash:	6da8e7d5ae1d5d15e0230a67a7c16c6d
MIME type:	application/octet-stream
Signature	PureCrypter

Vendor Threat Intelligence

ClamAV Detected

Detection(s):

SecuriteInfo.com.Win32.MalwareX-gen.15080.7291.UNOFFICIAL

Alert

Create hunting rule

FileScan.IO Malicious

Verdict:

Malicious

Threat level:

  10/10

Confidence:

100%

Tags:

masquerade overlay

Link:

https://www.filescan.io/uploads/6582934db855eb3693e81011/reports/744f4dc1-d809-437d-a7a8-7bb77bfa9504/overview

Hybrid Analysis Mal/Drod7zip

Verdict:

Malicious

Labled as:

Mal/Drod7zip

Link:

https://www.hybrid-analysis.com/sample/4466a4c7880759617b93daf49193912955c1d7dffaebec346b3efc1fe6f2fff6

InQuest MALICIOUS

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Nucleon Malprob Malware

Score:

100%

Verdict:

Malware

File Type:

Archive

Link:

https://malprob.io/report/4466a4c7880759617b93daf49193912955c1d7dffaebec346b3efc1fe6f2fff6

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4466a4c7880759617b93daf49193912955c1d7dffaebec346b3efc1fe6f2fff6/

ReversingLabs TitaniumCloud Win32.Packed.Generic

Threat name:

Win32.Packed.Generic

Alert

Create hunting rule

Status:

Suspicious

First seen:

2023-12-20 01:45:42 UTC

File Type:

Binary (Archive)

Extracted files:

4

AV detection:

16 of 21 (76.19%)

Threat level:

  1/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=irtkjr4ia5mwc64t3l2jde4rffk4dv677lv6yndlh36b7zxs773a._file

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Legit

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/4466a4c7880759617b93daf49193912955c1d7dffaebec346b3efc1fe6f2fff6