MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9fd0bd3e6b475e866a2e1cd1c15160d24dd3220f2070749b4b278d4701537814. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	9fd0bd3e6b475e866a2e1cd1c15160d24dd3220f2070749b4b278d4701537814
SHA3-384 hash:	2285cab72b2bbd01de3814869b3fa9a2671a20e94c673ed00fe9ce9a6e854684882e2e5f7ef431c394c43806474f23f6
SHA1 hash:	423519b9d5eac46eeaeb28df7222f3239bd2e857
MD5 hash:	3f86e3bd248a802d809e8ac6ef230211
humanhash:	east-papa-aspen-neptune
File name:	payment slip.zip
Download:	download sample
Signature	AgentTesla Alert Create hunting rule
File size:	638'454 bytes
First seen:	2023-12-15 09:15:45 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	12288:eFtaRP609S4rbnJEdj9PqBddJX/06EL3nlgmsyh04XIIhPz:eTaRPv9S4rtEdxPEddJDK3nlZLhpIIhb
TLSH	T126D423F789068DEF9E67DA5C4BB602E1BA51DF90AEC63738D6903D8109705730AF7212
TrID	80.0% (.ZIP) ZIP compressed archive (4000/1) 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter	cocaman
Tags:	AgentTesla DHL payment zip

cocaman

Malicious email (T1566.001)
From: ""lyla Wang (SZX GTW) (DHL CN)"<lyla.wang@dhl.com>" (likely spoofed)
Received: "from dhl.com (unknown [91.92.243.208]) "
Date: "14 Dec 2023 04:40:22 -0800"
Subject: "Re: Remittance Advice USD 758,678.89"
Attachment: "payment slip.zip"

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

166

Origin country :

CH

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

Relevant files 1

File name:	payment slip.exe
File size:	660'992 bytes
SHA256 hash:	5f18177e3983cc801653cb1da190145a1e83cc5b277ea0246107c15f165bb554
MD5 hash:	51a8ced8678ffa54523c4d31377ea20c
MIME type:	application/x-dosexec
Signature	AgentTesla

Vendor Threat Intelligence

ClamAV Detected

Detection(s):

Sanesecurity.Foxhole.Zip_fs3369.UNOFFICIAL

Alert

Create hunting rule

SecuriteInfo.com.Win32.PWSX-gen.16638.20092.UNOFFICIAL

Alert

Create hunting rule

Sanesecurity.Malware.21664.ZipHeur.UNOFFICIAL

Alert

Create hunting rule

FileScan.IO Likely Malicious

Verdict:

Likely Malicious

Threat level:

  7.5/10

Confidence:

100%

Tags:

masquerade packed

Link:

https://www.filescan.io/uploads/657c1952ffafd83ebc908e61/reports/2017735f-0419-429d-8273-bf137191e51b/overview

Hybrid Analysis Troj/Krypt

Verdict:

Malicious

Labled as:

Troj/Krypt

Link:

https://www.hybrid-analysis.com/sample/9fd0bd3e6b475e866a2e1cd1c15160d24dd3220f2070749b4b278d4701537814

InQuest MALICIOUS

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/9fd0bd3e6b475e866a2e1cd1c15160d24dd3220f2070749b4b278d4701537814

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Nucleon Malprob Malware

Score:

100%

Verdict:

Malware

File Type:

Archive

Link:

https://malprob.io/report/9fd0bd3e6b475e866a2e1cd1c15160d24dd3220f2070749b4b278d4701537814

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/9fd0bd3e6b475e866a2e1cd1c15160d24dd3220f2070749b4b278d4701537814/

ReversingLabs TitaniumCloud Win32.Trojan.AgentTesla

Threat name:

Win32.Trojan.AgentTesla

Alert

Create hunting rule

Status:

Malicious

First seen:

2023-12-14 18:01:16 UTC

File Type:

Binary (Archive)

Extracted files:

8

AV detection:

21 of 37 (56.76%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=t7il2ptli5pim2rodti4cula2jg5giqpebyhjg2le6guoaktpaka._file

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Malicious File

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/9fd0bd3e6b475e866a2e1cd1c15160d24dd3220f2070749b4b278d4701537814