MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 848bb4e9ca2acb33c8a183eefb65637edd6c2d837a6d490d41509896a79f95d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 848bb4e9ca2acb33c8a183eefb65637edd6c2d837a6d490d41509896a79f95d3
SHA3-384 hash: 1f17faee90baf4dfc1a150665d106714667eaf796c2aec57d84b8a2b03e8b0dd2f3ad8ae8f61187d04075fb6c8c3fac2
SHA1 hash: e97d4899e8a7e5f0a7ac79edbf87ee15f34dd68c
MD5 hash: 7596cb795eb604c32849131bedb6a193
humanhash: florida-may-four-idaho
File name:DHL EXPRESS.exe
Download: download sample
File size:213'504 bytes
First seen:2020-12-22 12:48:04 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 3849e503bd822b45c5ad473e158c5201
ssdeep 6144:uhcCTRMmuNW2AQipCJpDOB4LxuK4UZ93u0+R4:JCTRJugQipC3OBUxuTUZ93s4
Threatray 5 similar samples on MalwareBazaar
TLSH A92412549F0CC73BC769797984C688B21E0F267997D038E3DA88B6B6AF154C1D8F068C
Reporter abuse_ch
Tags:DHL exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: vps.a1terainfra.com
Sending IP: 45.85.90.118
From: DHL EXPRESS <kevin@overseas.sanxing.com >
Subject: DHL EXPRESS
Attachment: DHL EXPRESS.zip (contains "DHL EXPRESS.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
213
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
DHL EXPRESS.exe
Verdict:
Suspicious activity
Analysis date:
2020-12-22 13:28:17 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/79a27586-1111-4fdc-b0f1-48c6da3b49b5

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/108879/
Detection(s):
SecuriteInfo.com.Artemis7596CB795EB6.20163.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/568271
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/848bb4e9ca2acb33c8a183eefb65637edd6c2d837a6d490d41509896a79f95d3/
Threat name:
Win32.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2020-12-22 12:49:04 UTC
AV detection:
13 of 28 (46.43%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qsf3j2okflfthsfbqpxpwzldp3owylmdpjwusdkbkcmjnj47sxjq._file
Verdict:
unknown
Similar samples:
1b95de55808c88599a46d6a21a0063a874a6e2ca7f0644989ce60eee025a6485
5bdbe509086a48374c2eb7d22558abaad0d87f61962965ddfeb91bc0d1a1491d
70528f1500aeffb424cc452a6afaa99ddf4b8deb61a6e41830270dfb1400589f
81f08bb7f6faa0880efb94cc2fb91eec241e83b3d5b992c9564608bbe3c974e2
d0a531def227f88eb7cf052fb7b94b33b7a1daca060bdb464e21739d606c99d4
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201222-pbv9hxpp7s/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
848bb4e9ca2acb33c8a183eefb65637edd6c2d837a6d490d41509896a79f95d3
MD5 hash:
7596cb795eb604c32849131bedb6a193
SHA1 hash:
e97d4899e8a7e5f0a7ac79edbf87ee15f34dd68c
Link:
https://www.unpac.me/results/53e9bb4f-7655-49d8-8901-4af253aa60aa/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.50
Link:
https://yomi.yoroi.company/submissions/848bb4e9ca2acb33c8a183eefb65637edd6c2d837a6d490d41509896a79f95d3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip d8225bbbd4dfd667f9a5d5cc2915ac09d1842446d48543416e348639134f99cf

Executable exe 848bb4e9ca2acb33c8a183eefb65637edd6c2d837a6d490d41509896a79f95d3

(this sample)

  
Dropped by
MD5 b65cc5a510d8d6a91bd0d642bec169a9
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 d8225bbbd4dfd667f9a5d5cc2915ac09d1842446d48543416e348639134f99cf
Cape
Cape
https://www.capesandbox.com/analysis/108879/

Comments