MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6b53268e17dddc9989d89a2f2ac5eb9a20f74227e516ca88aad47f1483b00b39. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

PureCrypter

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	6b53268e17dddc9989d89a2f2ac5eb9a20f74227e516ca88aad47f1483b00b39
SHA3-384 hash:	84da5319c91c5e13c1685a12454fba4dad93f04268b673b5b9367cfa07a33b1cc8f5cb88049a296625c1133e01a25a33
SHA1 hash:	b479e6375651034fc5ff979ca55ef4aa4a3c3669
MD5 hash:	2478bc7f2bcda41520ab0d8f45e9de8d
humanhash:	carbon-lion-alaska-berlin
File name:	Global Industrial Vendor Wire Remittance Detail.7z
Download:	download sample
Signature	PureCrypter Create hunting rule
File size:	27'175 bytes
First seen:	2023-12-20 09:39:48 UTC
Last seen:	Never
File type:	7z
MIME type:	application/x-7z-compressed
ssdeep	384:KRIMuGTLYgo1N+fKTw0COtS0qk+aO0Sa0yxVgilvUxFsPsyiDp9SeEgS3nq0uOir:K2mLYIfF0U0Sa/TlsxFi8D2bJAbM78Bf
TLSH	T154C2E1ED5A102A9B3773CAD98301E00B79FE9850B64C1580BECD397F65929AF14BA583
TrID	57.1% (.7Z) 7-Zip compressed archive (v0.4) (8000/1) 42.8% (.7Z) 7-Zip compressed archive (gen) (6000/1)
Reporter	cocaman
Tags:	7z purecrypter

cocaman

Malicious email (T1566.001)
From: "Gerard Combs < jcombs@globalindustrial.com >" (likely spoofed)
Received: "from globalindustrial.com (unknown [91.92.248.50]) "
Date: "20 Dec 2023 01:31:21 -0800"
Subject: "Global Industrial Vendor Wire Remittance Detail"
Attachment: "Global Industrial Vendor Wire Remittance Detail.7z"

Intelligence

File Origin

# of uploads :

# of downloads :

127

Origin country :

File Archive Information

This file archive contains 2 file(s), sorted by their relevance:

File name:	32512
File size:	20 bytes
SHA256 hash:	6eb54801f91b6d8effccbfaefe6b2d7705a274a75940e6226e24e0d4ec58c396
MD5 hash:	6da8e7d5ae1d5d15e0230a67a7c16c6d
MIME type:	application/octet-stream
Signature	PureCrypter

File name:	Global Industrial Vendor Wire Remittance Detail.com
File size:	69'680 bytes
SHA256 hash:	40627c54a140e5647547956477d9fe0b458c2cb15121c2cc98edef2dfb479f59
MD5 hash:	9ef796410fb00b2934793dc93aa67db8
MIME type:	application/x-dosexec
Signature	PureCrypter

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Win32.TrojanX-gen.16450.15879.UNOFFICIAL

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

overlay

Link:

https://www.filescan.io/uploads/6582b67403487a0d25d42168/reports/f8c4ffaf-88cc-47c1-9257-af70752d9be4/overview

Verdict:

Malicious

Labled as:

Mal/Drod7zip

Link:

https://www.hybrid-analysis.com/sample/6b53268e17dddc9989d89a2f2ac5eb9a20f74227e516ca88aad47f1483b00b39

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Score:

100%

Verdict:

Malware

File Type:

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/231220-qf3f1seabp/

Behaviour

Suspicious use of AdjustPrivilegeToken

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/6b53268e17dddc9989d89a2f2ac5eb9a20f74227e516ca88aad47f1483b00b39

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

PureCrypter

7z 6b53268e17dddc9989d89a2f2ac5eb9a20f74227e516ca88aad47f1483b00b39

(this sample)

PureCrypter

exe 40627c54a140e5647547956477d9fe0b458c2cb15121c2cc98edef2dfb479f59

Delivery method

Distributed via e-mail attachment

Dropping

SHA256 40627c54a140e5647547956477d9fe0b458c2cb15121c2cc98edef2dfb479f59

Dropping

MD5 9ef796410fb00b2934793dc93aa67db8

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample