MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 59cb7341143f7b109bc9cb1de1e0f2e9902e91410226b84efbaed9d133269153. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	59cb7341143f7b109bc9cb1de1e0f2e9902e91410226b84efbaed9d133269153
SHA3-384 hash:	3487342a4afb665a430b2c8986d6f2abefde127edb9236738117252fba725841dd26568467636fb0198cf51731e5de5b
SHA1 hash:	8223c6ee31636dead3591cc45d5aaed6b5aee135
MD5 hash:	46a85bc955e05db860ed35a12bf03910
humanhash:	timing-north-romeo-mike
File name:	Shipping_doc.pdf.ppam.exe
Download:	download sample
File size:	1'040'895 bytes
First seen:	2022-05-17 15:40:02 UTC
Last seen:	2022-05-17 16:46:06 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	61259b55b8912888e90f516ca08dc514 (1'059 x Formbook, 741 x AgentTesla, 427 x GuLoader)
ssdeep	24576:CYVNrD9EZS1uScgrjBT9N6tYmRdT1w30CxguH7zMgn1ty:///JVcg3BTzGY4cnMs1ty
Threatray	1'996 similar samples on MalwareBazaar
TLSH	T16E2502D53F1CCE90E2D0D0F1650AB6E4C9BB7E5356E2D829E076392AE1BDB12356E103
TrID	48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 16.4% (.EXE) Win64 Executable (generic) (10523/12/4) 10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	7061713169e8f0b2
Reporter	abuse_ch
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

223

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

Shipping_doc.pdf.ppam.exe

Verdict:

Malicious activity

Analysis date:

2022-05-17 20:57:53 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/9b9b8838-f1ef-4c90-897a-1231f665a03e

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/271705/

Detection(s):

SecuriteInfo.com.Trojan.Inject4.32040.27888.25768.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/18381/overview

Behaviour

MalwareBazaar

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

control.exe overlay packed shell32.dll

Link:

https://www.filescan.io/uploads/6283c25570e563c3836ac721/reports/e828f614-bf7e-45a5-b8c5-9f25cc8a0ea1/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/8a414e04-943d-4d65-80e2-ceb619285339

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/996003

Signature

Initial sample is a PE file and has a suspicious name

Machine Learning detection for dropped file

Machine Learning detection for sample

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/59cb7341143f7b109bc9cb1de1e0f2e9902e91410226b84efbaed9d133269153/

Threat name:

Win32.Trojan.LokiBot

Status:

Malicious

First seen:

2022-05-17 04:30:10 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

22 of 26 (84.62%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=lhfxgqiuh55rbg6jzmo6dyhs5gic5ekbaitlqtx3v3m5cmzgsfjq._file

Verdict:

unknown

17cbe8a0069c4b52fbf18067f4dd7edcb11bde9e6d23933799875397a97bcc5a

432a63cc77412caf1f2166da5492f1b3574d71466436d2f528141ed3e541d59a

5833f2478df7361541589bbcf434e1dabf7fc39df6ae27ceda406c3e057fb5a8

6fdd9a50a2d96e6516d38fc90084cca38559705db75350d22e2abd31a8806b83

7b1da3704d0228cebf239b9c8935d500fef9b193c2ca2ba9e89cfd0724acd41c

d10fba55c54c50040046d409fb6d03593bb0c3c15d241803f1b1aeeb16885a6e

+ 1'986 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/220517-s3715aebc3/

Behaviour

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Suspicious use of SetThreadContext

Loads dropped DLL

Executes dropped EXE

Unpacked files

SH256 hash:

4c374ad62feb7fca74273946859e58e4e23fe0b71711262d8dd7d97f5bfe4872

MD5 hash:

dc7a93550a62412959a0f7512c1ce7d2

SHA1 hash:

91e3c6f33e4df5d050d6c38f4b380129275fa034

Link:

https://www.unpac.me/results/1a72ef22-e5a8-4a96-a4b4-c5bd809bdd21/

SH256 hash:

59cb7341143f7b109bc9cb1de1e0f2e9902e91410226b84efbaed9d133269153

MD5 hash:

46a85bc955e05db860ed35a12bf03910

SHA1 hash:

8223c6ee31636dead3591cc45d5aaed6b5aee135

Link:

https://www.unpac.me/results/1a72ef22-e5a8-4a96-a4b4-c5bd809bdd21/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/59cb7341143f7b109bc9cb1de1e0f2e9902e91410226b84efbaed9d133269153

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

exe 59cb7341143f7b109bc9cb1de1e0f2e9902e91410226b84efbaed9d133269153

(this sample)

Delivery method

Distributed via e-mail attachment

Cape

https://www.capesandbox.com/analysis/271705/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample