MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 747aebcb58dfe7048cbd515d1443f1d14f367fee553f112fc04dae24fd9c6ec8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	747aebcb58dfe7048cbd515d1443f1d14f367fee553f112fc04dae24fd9c6ec8
SHA3-384 hash:	9edf09a8a72d97d28557b628f89e8a18c23eb4bc4a1f145c8ad3e1c3dbb22b85d030a533ed8e70bdb749214037304472
SHA1 hash:	783514f822eb35d60a7e01d239459bb3395ce9db
MD5 hash:	249fd99eb0f892d009d8bc8269f52b97
humanhash:	florida-florida-romeo-saturn
File name:	DHL_AWB_NO_#907853880.zip
Download:	download sample
Signature	AgentTesla Alert Create hunting rule
File size:	6'482 bytes
First seen:	2023-06-29 11:52:05 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	96:IKYSBoI5olrlEk8IEEymc3/NK5ZtZnV6Nx8K5/EYFbLLfDyGf93Q2270JLeg:HYDDCA35Z/Vsb5/5bLXyY9Af73g
TLSH	T1CFD19FCD4BAEB9C2E4BA1A3054E91C19A7F4F26B29E580FC05D0C77CD40E5524A0AAD7
TrID	80.0% (.ZIP) ZIP compressed archive (4000/1) 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter	cocaman
Tags:	AgentTesla DHL zip

cocaman

Malicious email (T1566.001)
From: "DHL EXPRESS <dhl1@dhl.com>" (likely spoofed)
Received: "from one.beracacode.info (beracacode.info [74.208.25.42]) "
Date: "Thu, 29 Jun 2023 06:12:55 +0100"
Subject: "Original Shipment Document"
Attachment: "DHL_AWB_NO_#907853880.zip"

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

120

Origin country :

CH

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

Relevant files 1

File name:	DHL_AWB_NO_#907853880.exe
File size:	12'288 bytes
SHA256 hash:	b82291de6b50625fbe64293024d4b7d3f1bc874e14d8a6c613b56cf4c5854d30
MD5 hash:	7d7f13f7d03a59523ba69dce62f1dc56
MIME type:	application/x-dosexec
Signature	AgentTesla

Vendor Threat Intelligence

ClamAV Detected

Detection(s):

SecuriteInfo.com.Win64.PWSX-gen.14659.17012.UNOFFICIAL

Alert

Create hunting rule

DocGuard Unknown

Result

Verdict:

Unknown

File Type:

PE File

Link:

https://app.docguard.net/747aebcb58dfe7048cbd515d1443f1d14f367fee553f112fc04dae24fd9c6ec8/results/dashboard

FileScan.IO Malicious

Verdict:

Malicious

Threat level:

  10/10

Confidence:

100%

Tags:

masquerade

Link:

https://www.filescan.io/uploads/649d709ff4ab9b52f3dc519a/reports/7f8bd88c-d0bd-4390-b4e0-be5884fef281/overview

Hybrid Analysis Unknown

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/747aebcb58dfe7048cbd515d1443f1d14f367fee553f112fc04dae24fd9c6ec8

InQuest MALICIOUS

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/747aebcb58dfe7048cbd515d1443f1d14f367fee553f112fc04dae24fd9c6ec8

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/747aebcb58dfe7048cbd515d1443f1d14f367fee553f112fc04dae24fd9c6ec8/

ReversingLabs TitaniumCloud Win64.Trojan.Pwsx

Threat name:

Win64.Trojan.Pwsx

Alert

Create hunting rule

Status:

Malicious

First seen:

2023-06-29 05:01:26 UTC

File Type:

Binary (Archive)

Extracted files:

2

AV detection:

7 of 37 (18.92%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=or5oxs2y37tqjdf5kforiq7r2fhtm77oku7rcl6ajwxcj7m4n3ea._file

Hatching Triage Unknown

Result

Malware family:

n/a

Score:

  3/10

Tags:

n/a

Link:

https://tria.ge/reports/230629-pnbsladg9x/

Behaviour

Suspicious use of AdjustPrivilegeToken

Modifies system certificate store

Suspicious behavior: LoadsDriver

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI AgentTesla

Threat name:

AgentTesla

Score:

0.90

Link:

https://yomi.yoroi.company/submissions/747aebcb58dfe7048cbd515d1443f1d14f367fee553f112fc04dae24fd9c6ec8