MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4613810c0daf6abb2449de0816ef6c868620bc66318cc927d2ce06752a5fc19e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 7

SHA256 hash: 4613810c0daf6abb2449de0816ef6c868620bc66318cc927d2ce06752a5fc19e
SHA3-384 hash: 74f2e8af1a754dbf268561ad4518a4faff77f3c588758d7ea0575cfa7833ad90ba3c0e106d811c1031290e4fdd1cfa76
SHA1 hash: df8de636c647d8a83bed3fa44d33df443d2ae774
MD5 hash: 7d4986fd3a77045fff1585ebce8d5b20
humanhash: papa-oscar-dakota-finch
File name: email.zip
File size: 5'284 bytes
First seen: 2024-04-03 15:00:35 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 96:mHwZs7FvqN/OArxCqYEtfRa1s4uj3aKMuSEDdTFMnovfK14L75nXQx8hMKOceH:mHwZWxe/prxCPEfa24u5MUso66X5XQxj
TLSH: T139B1AE8A9FDB78DDCA017D3AE6667305EA2046419B2A52E33D8E50C58DCB253E24234E
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1)
      20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: 1ZRR4H
Tags: zip

Intelligence

File Origin
# of uploads: 1
# of downloads: 352
Origin country: CL

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: email.pdf.lnk
File size: 11'694 bytes
SHA256 hash: c9a10c0c41de776ac52bf65d813a348d2d4cbb24b566c4ef91debcdb438d5a37
MD5 hash: 08b8b6f0418723e25a3c72c1ae20ad9a
MIME type: application/octet-stream
Vendor Threat Intelligence

Result
Verdict: Malicious
File Type: LNK File - Malicious
Payload URLs:
  URL: http://ip-api.com/json/?fields=status,message,country,isp,org,mobile,proxy,hosting,query'
  File name: LNK File
Behaviour: BlacklistAPI detected

Result
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-vm evasive fingerprint masquerade
Threat name: Shortcut.Trojan.Boxter

Result
Status: Malicious
First seen: 2024-03-26 04:42:42 UTC
File Type: Binary (Archive)
Extracted files: 1
AV detection: 9 of 38 (23.68%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour:
  Suspicious behavior: CmdExeWriteProcessMemorySpam
  Suspicious behavior: EnumeratesProcesses
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of WriteProcessMemory
  Enumerates physical storage devices
  Looks up external IP address via web service
  Checks computer location settings
  Blocklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: Archive_in_LNK
Author: @bartblaze
Description: Identifies archive (compressed) files in shortcut (LNK) files.

Rule name: Download_in_LNK
Author: @bartblaze
Description: Identifies download artefacts in shortcut (LNK) files.

Rule name: Execution_in_LNK
Author: @bartblaze
Description: Identifies execution artefacts in shortcut (LNK) files.

Rule name: EXE_in_LNK
Author: @bartblaze
Description: Identifies executable artefacts in shortcut (LNK) files.

Rule name: PDF_in_LNK
Author: @bartblaze
Description: Identifies Adobe Acrobat artefacts in shortcut (LNK) files.

Rule name: PS_in_LNK
Author: @bartblaze
Description: Identifies PowerShell artefacts in shortcut (LNK) files.
