MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 798563fcf7600f7ef1a35996291a9dfb5f9902733404dd499e2e736ea1dc6fc5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


WarmCookie


Vendor detections: 8


Intelligence 8 IOCs YARA 12 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 798563fcf7600f7ef1a35996291a9dfb5f9902733404dd499e2e736ea1dc6fc5
SHA3-384 hash: 7f767ec858ec422928a5d16252b25f80c89100e049af3a4741437787244dd3b9e89ba9147b763e41e67603bce682db81
SHA1 hash: 79f764b23b9767a10cc21b9798b233d97726b236
MD5 hash: 180f63b858ec220fcce837e11bc1dbec
humanhash: maryland-six-beer-lion
File name:Invoice 876597035_003.zip
Download: download sample
Signature WarmCookie
Create hunting rule
File size:2'767'804 bytes
First seen:2024-09-06 22:15:25 UTC
Last seen:2025-04-06 11:48:53 UTC
File type: zip
MIME type:application/zip
ssdeep 49152:rElYczSKl9yiMaFGP4olW+Obob2T4RW4bJsc4awlg8DUHNs4cjadSZYZLWAdmrM5:4zzdGiN04olObob2U1bJsc4y8DU62ds0
TLSH T15AD533BAC067149CADB60C33069DF92A99F26036722F5E90771D20E1DCB7E1F0B52B59
Magika zip
Reporter techevo_
Tags:js warmcookie zip

Intelligence

File Origin
# of uploads :
2
# of downloads :
444
Origin country :
GB GB
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:Invoice-876597035-003-8331775-8334138.js
File size:6'990'020 bytes
SHA256 hash: dab98819d1d7677a60f5d06be210d45b74ae5fd8cf0c24ec1b3766e25ce6dc2c
MD5 hash: f43a0279183cf2c0eec72397251878d4
MIME type:text/plain
Signature WarmCookie
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_JsNum_377.UNOFFICIAL
Create hunting rule

PUA.SecuriteInfo.com.JS.Malware-1.UNOFFICIAL
Create hunting rule

Verdict:
Suspicious
Score:
50%
Link:
https://cyber-fortress.com/docs/result/index.php?id=66db7f268e12b8124ac9686b
Tags:
Stealth
Result
Verdict:
Malicious
File Type:
JS File - Malicious
Link:
https://app.docguard.net/798563fcf7600f7ef1a35996291a9dfb5f9902733404dd499e2e736ea1dc6fc5/results/dashboard
Payload URLs
URL
File name
https://business.checkfedexexp.com/data-privacy?zj=ZzqRKxVRQ&pOd=GEokiOXFwH&sourcedp=tQMQJlIo&Tfocontent
JS File
Behaviour
BlacklistAPI detected
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-vm masquerade
Link:
https://www.filescan.io/uploads/66db7f24d3734be2c544d5d7/reports/df67d7c0-5680-40da-8bdc-dbfd8f4cf7c7/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/798563fcf7600f7ef1a35996291a9dfb5f9902733404dd499e2e736ea1dc6fc5
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/798563fcf7600f7ef1a35996291a9dfb5f9902733404dd499e2e736ea1dc6fc5
Score:
99%
Verdict:
Malware
File Type:
ARCHIVE
Link:
https://malprob.io/report/798563fcf7600f7ef1a35996291a9dfb5f9902733404dd499e2e736ea1dc6fc5
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/798563fcf7600f7ef1a35996291a9dfb5f9902733404dd499e2e736ea1dc6fc5/
Threat name:
Script-JS.Backdoor.Calisto
Create hunting rule
Status:
Malicious
First seen:
2024-08-16 12:25:13 UTC
File Type:
Binary (Archive)
Extracted files:
1
AV detection:
5 of 38 (13.16%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pgcwh7hxmahx54ndlglcsgu57npzsattgqcn2sm6fzzw5io4n7cq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/798563fcf7600f7ef1a35996291a9dfb5f9902733404dd499e2e736ea1dc6fc5

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Detect_APT29_WINELOADER_Backdoor
Create hunting rule
Author:daniyyell
Description:Detects APT29's WINELOADER backdoor variant used in phishing campaigns, this rule also detect bad pdf,shtml,htm and vbs or maybe more depends
Reference:https://cloud.google.com/blog/topics/threat-intelligence/apt29-wineloader-german-political-parties
Rule name:Detect_Malicious_VBScript_Base64
Create hunting rule
Author:daniyyell
Description:Detects malicious VBScript patterns, including Base64 decoding, file operations, and PowerShell.
Rule name:RANSOMWARE
Create hunting rule
Author:ToroGuitar
Rule name:SUSP_Websites
Create hunting rule
Author:SECUINFRA Falcon Team
Description:Detects the reference of suspicious sites that might be used to download further malware
Rule name:test_Malaysia
Create hunting rule
Author:rectifyq
Description:Detects file containing malaysia string
Rule name:vmdetect
Create hunting rule
Author:nex
Description:Possibly employs anti-virtualization techniques
Rule name:yara_template
Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

anyrun
any.run
https://any.run/report/798563fcf7600f7ef1a35996291a9dfb5f9902733404dd499e2e736ea1dc6fc5/05909668-9a17-46eb-a6fc-d0c942e60e5a
  
Link
https://www.malware-traffic-analysis.net/2024/08/15/index.html
  
Dropping
warmcookie

Comments