MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a611b7495b0d436457a0134893a5720e6eed0a24156fc25b56e4fd90039da3cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 5

SHA256 hash: a611b7495b0d436457a0134893a5720e6eed0a24156fc25b56e4fd90039da3cd
SHA3-384 hash: ee7ad0aaeddae29886b1ade1f7b7f48cc666a5f2c3a5785dc9fca74551ef36c39964e93662008031998c19d0ae9d81ad
SHA1 hash: b9f9151245db933009722a42966a3524a2745a94
MD5 hash: 3950ea3c23aff35e8222fac075dfb7c2
humanhash: east-undress-foxtrot-dakota
File name: SHIPPING INVOICE DOCUMENTS.zip
File size: 8'716 bytes
First seen: 2022-07-05 07:34:04 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 192:QPTByl4Tuw8O0Gb6At1F8jMrvs2iD3KiG+wgRWs+YDSX:QPTBXNJjbnt1F/vPSs+wgRWs+YDc
TLSH: T11A02BF32CF2A618A4CA01AAEF9C63709BB441C34F3310B155571AC9B3FB52CA8E455FB
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1)
      20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: cocaman
Tags: INVOICE Shipping zip


cocaman
Malicious email (T1566.001)
From: "Kathleen<kathleen@well-rayocean.com>" (likely spoofed)
Received: "from well-rayocean.com (unknown [45.137.22.120]) "
Date: "05 Jul 2022 09:20:53 +0200"
Subject: "RE: H/BL: JRYE22050036 VESSEL/VOY : HAI SU 7 2215S"
Attachment: "SHIPPING INVOICE DOCUMENTS.zip"

Intelligence


File Origin
# of uploads: 1
# of downloads: 172
Origin country: n/a

Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: obfuscated packed wacatac

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: ByteCode-MSIL.Downloader.PsDownload
Status: Malicious
First seen: 2022-07-05 01:27:43 UTC
File Type: Binary (Archive)
Extracted files: 5
AV detection: 20 of 26 (76.92%)
Threat level: 3/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a

Behaviour
Suspicious use of AdjustPrivilegeToken

Please note that we are no longer able to provide a coverage score for VirusTotal.
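As an added example (not MalwareBazaar's code and not the reporter's), the following Python script performs the offline triage that this entry's vendor data calls for: it hashes an attachment with the same digests the entry lists (MD5, SHA1, SHA256, SHA3-384), compares the SHA256 against the entry's hash, and walks the ZIP in memory to report members that carry a PE header and whether that PE has a CLR runtime directory, which is what a detection name such as ByteCode-MSIL.Downloader.PsDownload refers to. The archive it analyses is constructed inline with a synthetic PE32 header (it is not the real sample and contains no code); the one-entry block list, the per-member size cap and the helper names are assumptions made for the example.

```python
"""Offline triage of a suspected malspam ZIP attachment (added example).

Hashes the archive the way MalwareBazaar lists it, checks the SHA256 against
a block list, and inspects each member for a PE header and a CLR (.NET/MSIL)
header without ever extracting anything to disk.
"""
import hashlib
import io
import struct
import zipfile

# Assumption: a one-entry block list holding the SHA256 from the entry above.
KNOWN_BAD_SHA256 = {
    "a611b7495b0d436457a0134893a5720e6eed0a24156fc25b56e4fd90039da3cd",
}
MAX_MEMBER_BYTES = 32 * 1024 * 1024  # assumed cap; defuses zip bombs


def file_hashes(data: bytes) -> dict:
    """The four digests MalwareBazaar shows for a sample."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def pe_info(blob: bytes):
    """Return None if blob is not a PE image, else {'pe32plus': bool, 'dotnet': bool}."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if e_lfanew + 24 > len(blob) or blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    opt = e_lfanew + 24  # optional header follows the 20-byte COFF header
    if opt + 2 > len(blob):
        return None
    magic = struct.unpack_from("<H", blob, opt)[0]
    if magic == 0x10B:
        dirs = opt + 96   # PE32: data directories start 96 bytes into the optional header
    elif magic == 0x20B:
        dirs = opt + 112  # PE32+: 112 bytes
    else:
        return None
    clr = dirs + 14 * 8   # data directory 14 = CLR runtime header (RVA, size)
    dotnet = clr + 8 <= len(blob) and struct.unpack_from("<II", blob, clr) != (0, 0)
    return {"pe32plus": magic == 0x20B, "dotnet": dotnet}


def triage_zip(zip_bytes: bytes) -> dict:
    """Hash the archive, match it against the block list, and list PE members."""
    report = {"hashes": file_hashes(zip_bytes), "encrypted": False, "executables": []}
    report["known_bad"] = report["hashes"]["sha256"] in KNOWN_BAD_SHA256
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.flag_bits & 0x1:  # password-protected member: report, do not open
                report["encrypted"] = True
                continue
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                blob = fh.read(MAX_MEMBER_BYTES)  # in memory only, bounded
            pe = pe_info(blob)
            if pe:
                report["executables"].append(
                    {"name": info.filename, "size": info.file_size, **pe})
    return report


def build_fake_pe(dotnet: bool) -> bytes:
    """Constructed minimal PE32 headers for the demo; no sections, no code."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader (224 for PE32), Characteristics.
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (96 - 2)
    dirs = [(0, 0)] * 16
    if dotnet:
        dirs[14] = (0x2008, 0x48)  # any non-zero CLR directory marks a .NET image
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    return dos + coff + opt


def build_sample_zip() -> bytes:
    """Constructed stand-in for 'SHIPPING INVOICE DOCUMENTS.zip' (not the real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("SHIPPING INVOICE DOCUMENTS.pdf.exe", build_fake_pe(dotnet=True))
        zf.writestr("readme.txt", "please see attached invoice")
    return buf.getvalue()


if __name__ == "__main__":
    r = triage_zip(build_sample_zip())
    print("sha256:", r["hashes"]["sha256"], "known_bad:", r["known_bad"])
    for e in r["executables"]:
        print(e)
```

To run it against a real attachment, pass the file's bytes to triage_zip() instead of build_sample_zip(); the constructed archive will not match the block list, only the real sample's bytes will. Members are read into memory with a size cap and never written to disk, and encrypted members, which malspam often uses to get past mail-gateway scanning, are flagged rather than opened.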

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: zip a611b7495b0d436457a0134893a5720e6eed0a24156fc25b56e4fd90039da3cd (this sample)
Delivery method: Distributed via e-mail attachment

Comments