MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 71539d77a4c2e58f492d16f513f49d2ac3c9f002ceb1dda0ca70a63e8e33fd88. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 71539d77a4c2e58f492d16f513f49d2ac3c9f002ceb1dda0ca70a63e8e33fd88
SHA3-384 hash: 252d7c38b502b96fadceb238283888277e7bc6c4ef917eba44c62245020112aa3331fd2d8d624c36d135cea686713353
SHA1 hash: 089506eb139a582a8e381fecd8f50beebd22dd8b
MD5 hash: e878601b2319e4c800028155687ea43b
humanhash: shade-sweet-wyoming-vegan
File name:Bill of Lading.exe
Download: download sample
File size:1'456'968 bytes
First seen:2021-01-20 21:02:35 UTC
Last seen:2021-01-21 06:18:01 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'747 x AgentTesla, 19'642 x Formbook, 12'245 x SnakeKeylogger)
ssdeep 1536:tAyD31On+ugrTipLElcUBZdZNpUJFeWOteHTyRMTJavxvr+xLX1BnY5MZkna34A6:tAyD31On+ugdlzv
Threatray 189 similar samples on MalwareBazaar
TLSH 3E6519023F0F1E8933A072B2AC9FD4EEF95F9A317657A825413D668E9077018D82BD75
Reporter cocaman
Tags:exe

Code Signing Certificate

Organisation:
Issuer:
Algorithm:sha256WithRSAEncryption
Valid from:Jan 19 19:42:40 2021 GMT
Valid to:Jan 19 19:42:40 2022 GMT
Serial number: 706A282ED797EDC57CCE9314FE7928D8
Thumbprint Algorithm:SHA256
Thumbprint: 9D8A8BF1E2F9C3701B9167BDAB397B104D8DD96E52B56E0112C434584C738BB6
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
3
# of downloads :
123
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Bill of Lading.exe
Verdict:
No threats detected
Analysis date:
2021-01-20 00:46:24 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/a0b4de5b-3b90-4961-8ba4-714a84d1b449

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/114564/
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.510.27182.3074.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/586700
Signature
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Potential time zone aware malware
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/71539d77a4c2e58f492d16f513f49d2ac3c9f002ceb1dda0ca70a63e8e33fd88/
Threat name:
ByteCode-MSIL.Trojan.OutBreak
Create hunting rule
Status:
Malicious
First seen:
2021-01-19 20:50:15 UTC
File Type:
PE (.Net Exe)
AV detection:
17 of 28 (60.71%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ofjz255eylsy6sjnc32rh5e5flb4t4acz2y53igkoctd5drt7wea._file
Verdict:
unknown
Similar samples:
034117e2215690c209ed3a796a816b6f033db21760157de584fa1481f13fe666
61c31b3775cf5192df4442fbd308d7164fbaaeaea4a6a43dab2197b702af30e6
6fcb3920982436b7b88307eef586e6a0bd01ba8014b0f216affea7d4b5e3a31c
98cf9b180f49331bc9c5a5eae9257f083e7b9601819191e9414dc7a76321592f
a7686157bc950dfe9b30e3ac09f1138107d28dc071b5345561dead285b685c97
e8e70052042fcc4b3b2b2989743a68e3f64be5d97d2be0673657f99f82a4dbac
e9b025c3083c60b1260f6c9b6909f3c80aa7861814b4cee817b5485bb9b3e700
f64dfe37f4518739d7d31f0a81cc8a126d6766ca16039b3f80a50495efd6d765
fa7b9f85c252084827387001e3e113db0800169afc79e4f3305e0a1d3574bccd
fdd7a11713768ea1228de9054ac3d7ae9f85fac1d6f3461f8192daf8c385b6d1
+ 179 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210120-x36rdv4f7e/
Unpacked files
SH256 hash:
309249d02e5b695f75b2679f4ce5057eb37978c11f2281815dcb1d9a99e29b57
MD5 hash:
bd06d580ea57beb4141a7cb9dde8d33e
SHA1 hash:
dabb61c5e11c4eb23265806d04776deb62002541
Link:
https://www.unpac.me/results/a8b8e581-6762-4886-8bd9-9a9f1066ed36/
SH256 hash:
5b5e2225723f48ff6ee8eb442f18356606d89665158acbd53550dbc84194bce0
MD5 hash:
c8194e59ac07e016dc9cc0210c2f6261
SHA1 hash:
2cefc4f4f1253d344c20d8728125f7e2a0bb9f9f
Link:
https://www.unpac.me/results/a8b8e581-6762-4886-8bd9-9a9f1066ed36/
SH256 hash:
71539d77a4c2e58f492d16f513f49d2ac3c9f002ceb1dda0ca70a63e8e33fd88
MD5 hash:
e878601b2319e4c800028155687ea43b
SHA1 hash:
089506eb139a582a8e381fecd8f50beebd22dd8b
Link:
https://www.unpac.me/results/a8b8e581-6762-4886-8bd9-9a9f1066ed36/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/71539d77a4c2e58f492d16f513f49d2ac3c9f002ceb1dda0ca70a63e8e33fd88

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 375d38c203923cad9bd41b617d02e7c8c000cd4439bd7baa849d9c6ad6385736

Executable exe 71539d77a4c2e58f492d16f513f49d2ac3c9f002ceb1dda0ca70a63e8e33fd88

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 375d38c203923cad9bd41b617d02e7c8c000cd4439bd7baa849d9c6ad6385736
Cape
Cape
https://www.capesandbox.com/analysis/114564/

Comments