MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8f7d1999ac5ed03e1c7af4a42100690e2ca326b4219faad33cfc698bc56c4d63. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8f7d1999ac5ed03e1c7af4a42100690e2ca326b4219faad33cfc698bc56c4d63
SHA3-384 hash: 452cae10f1e4374503b2672eb4db3f31d21d253a5f123b47cd70c1ccf92db0ca607b8ced52a76e7f64fabf6799ae3686
SHA1 hash: 997320dee58e2c5b1e09f7f4622dea60832b1afb
MD5 hash: 61357a67bf27e938176cb2fa6297c360
humanhash: jupiter-kentucky-ten-orange
File name:DHL e-invoice.exe
Download: download sample
File size:565'248 bytes
First seen:2021-01-14 10:00:34 UTC
Last seen:2021-01-28 15:55:34 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 7ef69425fc222d0e85557975e1f2ab9f
ssdeep 12288:cQqCB7jLvfZC9w67/4xgw0E0kxry7IhOmxYg:cQqOjfZCp4awpVP3
Threatray 32 similar samples on MalwareBazaar
TLSH 9EC47D7DBB12D506E1AC1BB052D75B24296BEC9432200017E2B63F5D7DB73E87D4AB88
Reporter GovCERT_CH
Tags:DHL

Intelligence

File Origin
# of uploads :
6
# of downloads :
119
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
NEW ORDER 2021.exe
Verdict:
Malicious activity
Analysis date:
2021-01-13 08:10:39 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/36d9da8c-be04-49bd-954e-d651a8ee5200

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/111985/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.45438504.17167.4681.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Sending a custom TCP request
Creating a file
Creating a window
Reading critical registry keys
Deleting a recently created file
Replacing files
Launching cmd.exe command interpreter
Sending a UDP request
Launching a process
Stealing user critical data
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/581115
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file access)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8f7d1999ac5ed03e1c7af4a42100690e2ca326b4219faad33cfc698bc56c4d63/
Threat name:
Win32.Trojan.Bingoml
Create hunting rule
Status:
Malicious
First seen:
2021-01-12 13:51:01 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
17f03c053516f1109b19ccc244b09e1ce77205f019e6586c84b8c37c775e9bb7
2348533bdaabfe1f6418b36fa8e3aa06beb2317636a4cb6b0248bd4a01e51f95
28af95bea8456409bdb09856b0f46304eff9801c3c841b1362ca7a794d7628a5
2f40f4d8e5fd1aeb0510e07f954f0f22f6d0e6644bae21bfcd5b913696c158cb
500ed3874fbce955e3b8ac1531452a785a35b62ae4fd159e35448ec3e52765c2
68f9243f40945d2c3f15bed2d106401737caa94a26716af3d5918b3c0f760e8b
9e5f370201251e8dc138678f8e0d4f0bdd75e1353edcc77d41c8401621c2c671
a83fcb8454befab866f2ab18871017730bcfc3f690106844f740ebbd8cadd6d8
eadf68391314007ba0c5b1d3a557c86cc36a75eaaf08e7d54d0f59b6ff7b7bda
f69bdd82ca22268d090832707e37b1cae408ba96476843b55feedac11acc6277
+ 22 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery spyware stealer
Link:
https://tria.ge/reports/210114-bngn5qlsl6/
Behaviour
Delays execution with timeout.exe
Suspicious use of WriteProcessMemory
Accesses 2FA software files, possible credential harvesting
Checks installed software on the system
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
8f7d1999ac5ed03e1c7af4a42100690e2ca326b4219faad33cfc698bc56c4d63
MD5 hash:
61357a67bf27e938176cb2fa6297c360
SHA1 hash:
997320dee58e2c5b1e09f7f4622dea60832b1afb
Link:
https://www.unpac.me/results/b38dc310-a21e-406e-8a17-88a69d592cef/
SH256 hash:
edc8e10e42d63d83f883f0b554fc12b1f99bae5df6aa50165d3501330aa3ee1a
MD5 hash:
0c62e41db4ca02f0198fef070da6d293
SHA1 hash:
859d1cc9820b0824213edf0d29cbedad2b9631cf
Link:
https://www.unpac.me/results/b38dc310-a21e-406e-8a17-88a69d592cef/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Ursnif
Score:
0.70
Link:
https://yomi.yoroi.company/submissions/8f7d1999ac5ed03e1c7af4a42100690e2ca326b4219faad33cfc698bc56c4d63

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ace c5daa4faa409c53b0d1d41f6ebf03b4dc8b09b3ccb98e2e11f70785f43ba1ec9

Executable exe 8f7d1999ac5ed03e1c7af4a42100690e2ca326b4219faad33cfc698bc56c4d63

(this sample)

  
Dropped by
MD5 0f2ce5a48d16f9f1e891e856484a7cb4
  
Dropped by
SHA256 c5daa4faa409c53b0d1d41f6ebf03b4dc8b09b3ccb98e2e11f70785f43ba1ec9
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/111985/

Comments