MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 47882b961548cb3a61fed418fdfb4b714498cb53c3db242f3b6378832a32bb04. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 47882b961548cb3a61fed418fdfb4b714498cb53c3db242f3b6378832a32bb04
SHA3-384 hash: edc19711c4db761baca6a14be2e8831d39abbfbc778ec12a1c443bca8d96d7ffdf3a0a56d87903c09c507fd4d49343a9
SHA1 hash: b92dbcfb87be23fac46c9bed17c4d14052f7d8ef
MD5 hash: 4b5cc792a1ed7b7e4532bba476cf9bf1
humanhash: thirteen-kansas-grey-alpha
File name:purchase order PO 2001-007.exe
Download: download sample
File size:197'432 bytes
First seen:2020-10-13 10:41:44 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'649 x AgentTesla, 19'454 x Formbook, 12'202 x SnakeKeylogger)
ssdeep 3072:fBCZqA0+nX3kBBfxK6Zh4zzOsy4qR9NAn528iJBlaS8RE/9:fBwLkBBfxKIo52LJ38CV
Threatray 9 similar samples on MalwareBazaar
TLSH C4146449220EC94FFBDE737A594760975DA084D7A27FC3D2AA7B7BA000D75140B92E0B
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mail.woz.cl
Sending IP: 200.29.152.146
From: Karayel Cebrail<hor.mok@coles.com.au>
Subject: PO#: 4300406987
Attachment: purchase order PO 2001-007.iso (contains "purchase order PO 2001-007.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/70402/
Detection(s):
SecuriteInfo.com.Malware.19719.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Launching a process
Creating a process with a hidden window
DNS request
Sending a custom TCP request
Creating a file
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/489560
Signature
Executable has a suspicious name (potential lure to open the executable)
Initial sample is a PE file and has a suspicious name
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/47882b961548cb3a61fed418fdfb4b714498cb53c3db242f3b6378832a32bb04/
Threat name:
ByteCode-MSIL.Infostealer.Tepfer
Create hunting rule
Status:
Malicious
First seen:
2020-10-13 09:50:12 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=i6ecxfqvjdftuyp62qmp362lofcjrs2typnsilz3mn4igkrsxmca._file
Verdict:
unknown
Similar samples:
1e2ced0bf97c8caa6021784418f2edba1d0e618034fa15d83a0e8896e0936993
4692d4716a224f54c928808d2d7ee7e9eaeb8531f1cd29b91886fa511a12f07a
4a09bedcd448deaaaff205dabbc19a34f5b47a9714ac85a5a827c0aabeb2db7f
4fedda898f576336ee03b6171f90a06d6132b314d37e4ff58e1b0a5b1fdc05dc
6fa3091f305d9f040aca294e296e92c3590ce397bbf650ee9f26e3bc744d1f6a
7c6f9944f020d5349a5657bdee7fb477efd9243135a05b4db9b6a2c19f6fdc27
d3f6b0b7336fee85292bc3b1f5634f113b561b9c5205f1ac319949628ba281ba
d6f4a9224a002a3e247cd5453775f721fc6a040db9df38e59cd4d9575222ffac
ee41bffec9b30b0e5e1ee01e07482c92ea0f0663734833e3ac76de4e6388f025
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201013-qm7zn1alnj/
Behaviour
Delays execution with timeout.exe
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
47882b961548cb3a61fed418fdfb4b714498cb53c3db242f3b6378832a32bb04
MD5 hash:
4b5cc792a1ed7b7e4532bba476cf9bf1
SHA1 hash:
b92dbcfb87be23fac46c9bed17c4d14052f7d8ef
Link:
https://www.unpac.me/results/9c909b8b-4a12-437a-bb47-dcb9e2a78f61/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/47882b961548cb3a61fed418fdfb4b714498cb53c3db242f3b6378832a32bb04

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

iso 0f5d4f094085f027b28543c55d22a6ffebdc97df23e54aa6e2101ec73f701460

Executable exe 47882b961548cb3a61fed418fdfb4b714498cb53c3db242f3b6378832a32bb04

(this sample)

  
Dropped by
MD5 2fff60574360f89fa1b53182e8c2535a
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/70402/
  
Dropped by
SHA256 0f5d4f094085f027b28543c55d22a6ffebdc97df23e54aa6e2101ec73f701460

Comments