MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 53bb765933ff93db7984c118e047fa09e873e17010160245c27daca881c93da6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 53bb765933ff93db7984c118e047fa09e873e17010160245c27daca881c93da6
SHA3-384 hash: 989073199539f453809e0a4e4d01983a26a71ba11156321180b39cda37fab5f80acd79a641338650e1759d2847dd52d3
SHA1 hash: 87bb77574e2a11046c9ce62c4f7b98af276d955b
MD5 hash: d82f9e5de9aa8dae1fda64dfdc9060c4
humanhash: fifteen-kentucky-football-item
File name:Djiepy.z
Download: download sample
File size:832'240 bytes
First seen:2022-10-24 11:37:55 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 24576:1GrjUyPyHNdPfAutwOBjUE6h16Vdtg1bK8QWGjD:QrjaNuApBAE6qdadQWU
TLSH T1EF05233E866CDD29DD706652F53F060D268807CAF47C16707E97FAA02169BDDB10A63C
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter cocaman
Tags:z


Avatar
cocaman
Malicious email (T1566.001)
From: "<brt.tho@pescadoswear.com>" (likely spoofed)
Received: "from mxcvmutw.pescadoswear.com (unknown [92.52.217.173]) "
Date: "24 Oct 2022 01:41:02 -0700"
Subject: "Purchase_Order"
Attachment: "Djiepy.z"

Intelligence

File Origin
# of uploads :
1
# of downloads :
121
Origin country :
n/a
File Archive Information

This file archive contains 5 file(s), sorted by their relevance:

File name:version.txt
File size:1'778 bytes
SHA256 hash: 150148d3fdb530f5ac45c3a564fda633df1db20230bca87a330539fd605cc7f3
MD5 hash: fb99041ac5ab9fccf65f20bb73e16d68
MIME type:application/octet-stream
File name:2.ico
File size:1'150 bytes
SHA256 hash: e5017c33a1c06b7df055f5c8d9a3f2b28a4ea19da9f501e33fb1795aa1ff39de
MD5 hash: f5473ec8a2f772c13f4635e77d3a5e4d
MIME type:image/vnd.microsoft.icon
File name:1
File size:490 bytes
SHA256 hash: 539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a
MD5 hash: b7db84991f23a680df8e95af8946f9c9
MIME type:text/xml
File name:1.ico
File size:4'286 bytes
SHA256 hash: f4a1922f4dc40781d27d45082513d2ed2585b7413c0d76c7a42ceea0cedaf800
MD5 hash: ebd096d4e5759af1b853cdf8b1330607
MIME type:image/vnd.microsoft.icon
File name:32512
File size:34 bytes
SHA256 hash: e253d797afc8a4f3ad497c5b82981225b6a8d2843873a18dc2b3c155c91e0b36
MD5 hash: 1ca559e52ba2941be4c2e87cc5728277
MIME type:application/octet-stream
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/53bb765933ff93db7984c118e047fa09e873e17010160245c27daca881c93da6/
Threat name:
ByteCode-MSIL.Trojan.Scarsi
Create hunting rule
Status:
Malicious
First seen:
2022-10-24 06:42:18 UTC
File Type:
Binary (Archive)
Extracted files:
6
AV detection:
18 of 26 (69.23%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ko5xmwjt76j5w6meyemoar72bhuhhylqcalaerocpwwkraojhwta._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/53bb765933ff93db7984c118e047fa09e873e17010160245c27daca881c93da6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

z 53bb765933ff93db7984c118e047fa09e873e17010160245c27daca881c93da6

(this sample)

Executable exe fc268662edbe596dd986f418d8a12e492040ed094f0ca43cd68471c632597fa5

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 fc268662edbe596dd986f418d8a12e492040ed094f0ca43cd68471c632597fa5
  
Dropping
MD5 820ec2155e2a2c334dd481b13b46fc29

Comments