MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5bdbe509086a48374c2eb7d22558abaad0d87f61962965ddfeb91bc0d1a1491d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5bdbe509086a48374c2eb7d22558abaad0d87f61962965ddfeb91bc0d1a1491d
SHA3-384 hash: c546bf55e21b2b16291d98250ecaf0d2402e7462b5f66965b251d8cd2b8c36ddb2e82fa382b018be06565aee1c58e588
SHA1 hash: 9d7f5b64a0ed0731ec7cf11177e3a8db3eeaa47c
MD5 hash: 653e3911156284f9520961bc372d2ad0
humanhash: kilo-lithium-bakerloo-red
File name:Packinglist.exe
Download: download sample
File size:204'800 bytes
First seen:2020-12-22 12:48:21 UTC
Last seen:2020-12-22 14:38:28 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 3849e503bd822b45c5ad473e158c5201
ssdeep 3072:nEXem0YpaBX1DzD6Y3w7rd9cmnGKb9VPVvTQzI/ptFqBh2e+jo7/nrBObmV0:n0eTYpaPXC/dGKbZvZ/3UfDFnrBv0
Threatray 5 similar samples on MalwareBazaar
TLSH 011412904A20D425DF85E97EA5708E3A92FB12CF7B52A0FF4C80365E58261DCF95A1FC
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: alnassar.com.sa
Sending IP: 162.244.93.110
From: Eastman Exports Global Pvt Ltd <sourcing@eastmanexports.com>
Reply-To: sourcing@eastmanexports.com
Subject: RE: Order query! / new order 20-12-20120. / Order #190868A
Attachment: Packinglist.zip (contains "Packinglist.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
193
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Packinglist.exe
Verdict:
No threats detected
Analysis date:
2020-12-22 13:10:39 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/0cd3ad66-34e3-4e67-992a-2e2c8f96ac4a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/108880/
Detection(s):
SecuriteInfo.com.Artemis653E39111562.19231.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/568270
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5bdbe509086a48374c2eb7d22558abaad0d87f61962965ddfeb91bc0d1a1491d/
Threat name:
Win32.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2020-12-22 12:28:56 UTC
AV detection:
15 of 28 (53.57%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lpn6kciinjedotbow7jckwflvlinq73bsyuwlxp6xen4bunbjeoq._file
Verdict:
unknown
Similar samples:
1b95de55808c88599a46d6a21a0063a874a6e2ca7f0644989ce60eee025a6485
70528f1500aeffb424cc452a6afaa99ddf4b8deb61a6e41830270dfb1400589f
81f08bb7f6faa0880efb94cc2fb91eec241e83b3d5b992c9564608bbe3c974e2
848bb4e9ca2acb33c8a183eefb65637edd6c2d837a6d490d41509896a79f95d3
d0a531def227f88eb7cf052fb7b94b33b7a1daca060bdb464e21739d606c99d4
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201222-bve6v9dq6e/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
5bdbe509086a48374c2eb7d22558abaad0d87f61962965ddfeb91bc0d1a1491d
MD5 hash:
653e3911156284f9520961bc372d2ad0
SHA1 hash:
9d7f5b64a0ed0731ec7cf11177e3a8db3eeaa47c
Link:
https://www.unpac.me/results/16988e34-f7fe-40c6-b97c-cbbc6e9f03f1/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.50
Link:
https://yomi.yoroi.company/submissions/5bdbe509086a48374c2eb7d22558abaad0d87f61962965ddfeb91bc0d1a1491d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 3a80720771f3c5884d6756f2b4bfda4fc43f8e8565bb51f18cf21e8ab77bd4c5

Executable exe 5bdbe509086a48374c2eb7d22558abaad0d87f61962965ddfeb91bc0d1a1491d

(this sample)

  
Dropped by
MD5 d0be2c3b6d4d197b565c1fbf8faa6dda
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 3a80720771f3c5884d6756f2b4bfda4fc43f8e8565bb51f18cf21e8ab77bd4c5
Cape
Cape
https://www.capesandbox.com/analysis/108880/

Comments