MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa37c9834962ef744c594c5dc3c3c29f2636214a883539517ced0543743da548. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aa37c9834962ef744c594c5dc3c3c29f2636214a883539517ced0543743da548
SHA3-384 hash: 7efcd59c759a21bb6d96d645a37d9f32bd334789f4943aeca60c8dc15c7411f187e59ac5e6af455bf77c70836bcd6463
SHA1 hash: b37c6404cdd629a94da8c544b36fc2d2feddff2a
MD5 hash: aeb68f698f88108260ca933385e865e9
humanhash: island-happy-pennsylvania-kitten
File name:proforma invoice.pdf
Download: download sample
File size:62'382 bytes
First seen:2023-11-20 07:12:18 UTC
Last seen:Never
File type: pdf
MIME type:application/pdf
ssdeep 1536:ItsdoQoCgFI8+9F1hTKMqi0moxuBHUobrU65bzHQ/Y:ItsdhCI8c19KMH0mgSUobAM/Q/Y
TLSH T11553F248775F851BDC222A3836A836468B3C7C73B551513D7E1432868E82E7633E6DAF
Reporter cocaman
Tags:INVOICE pdf

Intelligence

File Origin
# of uploads :
1
# of downloads :
427
Origin country :
CH CH
Vendor Threat Intelligence
Result
Verdict:
Clean
File Type:
PDF File
Link:
https://app.docguard.net/aa37c9834962ef744c594c5dc3c3c29f2636214a883539517ced0543743da548/results/dashboard
Gathering data
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/aa37c9834962ef744c594c5dc3c3c29f2636214a883539517ced0543743da548
Label:
Benign
Suspicious Score:
2/10
Score Malicious:
2%
Score Benign:
98%
Link:
https://www.malware.ai/gui/files/?id=b8da5c4d-9405-4c95-b0f5-99c527c31403
Result
Verdict:
MALICIOUS
Details
Document With Few Pages
Document contains between one and three pages of content. Most malicious documents are sparse in page count.
Document With Minimal Content
Document contains less than 1 kilobyte of semantic information.
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
1 / 100
Link:
https://www.joesandbox.com/analysis/1344984
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/aa37c9834962ef744c594c5dc3c3c29f2636214a883539517ced0543743da548/
Threat name:
Win32.Trojan.Vigorf
Create hunting rule
Status:
Malicious
First seen:
2023-11-20 07:12:20 UTC
File Type:
Document
Extracted files:
2
AV detection:
9 of 23 (39.13%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vi34ta2jmlxxitczjro4hq6ct4tdmikkra2tsul45ucug5b5uvea._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/aa37c9834962ef744c594c5dc3c3c29f2636214a883539517ced0543743da548

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

7z 0c2d3bb028c729f96e4338566577cfd390b0ea6cb28684d807d379a6a6839fe6

pdf aa37c9834962ef744c594c5dc3c3c29f2636214a883539517ced0543743da548

(this sample)

AgentTesla

Executable exe 20b4ef8e8decc7e48f1ce33615ea9280c20f6ff81efafa86cf5f9bd7de4ebcdd

zip 76f948c084b30647cc6fe5aa31ad9a8af237f8b3d3d48d7811fbe56c01a82057

  
Delivery method
Other
  
Dropped by
SHA256 0c2d3bb028c729f96e4338566577cfd390b0ea6cb28684d807d379a6a6839fe6
  
Dropping
SHA256 76f948c084b30647cc6fe5aa31ad9a8af237f8b3d3d48d7811fbe56c01a82057
  
Dropping
MD5 dfb73550b16f3035977b82a6ab3a5bd3
  
Dropped by
MD5 40ce0b5f077916ed9defb60809ab4b8e

Comments