MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9b15e8de32a6f88828b2aa5db114fb36ff5428f09743a50e5cf2253898391890. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9b15e8de32a6f88828b2aa5db114fb36ff5428f09743a50e5cf2253898391890
SHA3-384 hash: edc2b610ccda9ddef28d09f42a8741c12f1e3a238beab432d69cd27e629465c572b4e326c2a0ac541933176831d01c01
SHA1 hash: 7b8a0425c3cfb66dd14e1980f42d2094eaaf59f8
MD5 hash: 01b090f378d4bfe392c0fda6334f059a
humanhash: helium-angel-aspen-nevada
File name:DHL-#AWB130501923096PDF.exe
Download: download sample
File size:660'992 bytes
First seen:2020-10-14 15:22:43 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'608 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 12288:gXHR264zcDdWUuCynYHlTcGLGe1cFEIyhY4sIncETbI7gZJ6uzl+1:SH8cWgcGLGcsIH3wk6uzlG
Threatray 11 similar samples on MalwareBazaar
TLSH 06E4AD7C8E790F6BCA78613A41041A7312F88ED22515F6D9BEE0ACC936EDF0B4791617
Reporter abuse_ch
Tags:CHN DHL exe geo


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: serve0.holzladenplc.pw
Sending IP: 104.168.143.211
From: DHL <hr@holzladenplc.pw>
Subject: 需要采取的行动 - Please Confirm Your Shipment Address
Attachment: DHL-AWB130501923096PDF.rar (contains "DHL-#AWB130501923096PDF.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/70891/
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Launching a process
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/491318
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9b15e8de32a6f88828b2aa5db114fb36ff5428f09743a50e5cf2253898391890/
Threat name:
ByteCode-MSIL.Trojan.Malrep
Create hunting rule
Status:
Suspicious
First seen:
2020-10-14 06:43:10 UTC
AV detection:
33 of 48 (68.75%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=tmk6rxrsu34iqkfsvjo3cfh3g37vikhqs5b2kds46istrgbzdcia._file
Verdict:
unknown
Similar samples:
205a2f88f490388970c68b7512acfb90756655b4115e3bbe7b2b77efeab58bdf
34e851e30200d924177f7d916452342a87df1388830625bd3e43510ce4136af5
489daeea6bc3472ed4d59ecd6127bf14ed8c1c0ed7ae00fafaa743dbccc6ce30
578df50c34d2f8f3146e5c4a457c4e9eac639070d3766ba202c84af6a790d4a7
5ca31895fba7436535346a9d1a5cc9c152915f1101eaf80ba7fe4d8acc8f115c
640e087a78aa77a9bb49027500f1f29f9d31f5b64c13c99b690ea813d0737fd4
6b574d15c00a4b1c9da4991da69f6ca20f086b65373abf462e8a252f18daf3f7
9bf180bb7b3cc0fcc6d01b68e2aa82d2f853e081ec71e34942d875324a2415b4
dd10a839cf519c1f245ba3c21cdac6b9d8d7d863b4f0336be99b4da9e0254808
dd5712ad571847f064a5dfcd49ee82e3d2b42959bef23a773512dc41af030f6e
+ 1 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201014-4xqfgjb2hs/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
9b15e8de32a6f88828b2aa5db114fb36ff5428f09743a50e5cf2253898391890
MD5 hash:
01b090f378d4bfe392c0fda6334f059a
SHA1 hash:
7b8a0425c3cfb66dd14e1980f42d2094eaaf59f8
Link:
https://www.unpac.me/results/515d0c4b-c6c6-4012-a689-6c58da890e82/
SH256 hash:
01dd844990e0c5fdcea0f88712253aa1ef4750316f0734ab7099306170b5ea2a
MD5 hash:
eb593633270aa19162cf64663df9dd6c
SHA1 hash:
2ec57181471ff10abe9a04239ca3ea86ea4252b9
Link:
https://www.unpac.me/results/515d0c4b-c6c6-4012-a689-6c58da890e82/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.66
Link:
https://yomi.yoroi.company/submissions/9b15e8de32a6f88828b2aa5db114fb36ff5428f09743a50e5cf2253898391890

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar 74682f06692ccb17c378e9720ce28b76b4354d27079b05fe65f4e34e88c2a4cf

Executable exe 9b15e8de32a6f88828b2aa5db114fb36ff5428f09743a50e5cf2253898391890

(this sample)

  
Dropped by
MD5 abf0f29f6c88a35600cf7f668198db42
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 74682f06692ccb17c378e9720ce28b76b4354d27079b05fe65f4e34e88c2a4cf
Cape
Cape
https://www.capesandbox.com/analysis/70891/

Comments