MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b0c7093da2b6ad44eb3515b4d12036a55ac08b68f8d62d8ce9d28e759be9c48c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b0c7093da2b6ad44eb3515b4d12036a55ac08b68f8d62d8ce9d28e759be9c48c
SHA3-384 hash: 153ea4b5453c3526058f22e77d30b47e99f47bc0681df95e6f46d43a251da6b835641c0f729a192ee3c4192952b37379
SHA1 hash: 872fec0de6abf741b5238de50b542deb37f2585b
MD5 hash: 543c7a7a771a8d4c06a13b5697db8ad5
humanhash: sad-butter-winner-wyoming
File name:New Order pdf.exe
Download: download sample
File size:745'984 bytes
First seen:2021-01-19 07:16:26 UTC
Last seen:2021-01-19 09:21:05 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 6144:vjy3DF/5892Rfx7zybPoUy2i69LP+LYrAo23KB2pTwcSn9vCfEvg4:7yzF/B1xUtZ9LAYT23d9ZSn9Vd
Threatray 31 similar samples on MalwareBazaar
TLSH 59F4BE07E61C9525C9287DFD8CAB732D6E16C887CF50DAD47B57BE1E64A1FC04AC8882
Reporter abuse_ch
Tags:exe Yahoo


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: sonic302-3.consmr.mail.bf2.yahoo.com
Sending IP: 74.6.135.42
From: Mustapha_Atteku Hamida <mustapha_atteku.hamida@yahoo.com>
Subject: New Order
Attachment: New Order pdf.z (contains "New Order pdf.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
103
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
New Order pdf.exe
Verdict:
No threats detected
Analysis date:
2021-01-19 07:19:24 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/31aa2b48-e7ea-466f-9f9c-4dc752c20b89

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/112752/
Detection(s):
SecuriteInfo.com.Variant.Bulz.311426.18211.24692.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file
Sending a UDP request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/584801
Signature
Initial sample is a PE file and has a suspicious name
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b0c7093da2b6ad44eb3515b4d12036a55ac08b68f8d62d8ce9d28e759be9c48c/
Threat name:
Win32.Trojan.Bulz
Create hunting rule
Status:
Malicious
First seen:
2021-01-19 07:17:09 UTC
AV detection:
12 of 46 (26.09%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wddqspncw2wuj2zvcw2ncibwuvnmbc3i7dlc3dhj2khhlg7jysga._file
Verdict:
suspicious
Similar samples:
0232a1b1877a9e16f3e24ce5add9e3112597f67870fabc96ed63b1cfa978d4d1
02c430c51fa15522e80f952731fabd0f06d968d1205c2249e30a052a4e96d771
154c8ad4fe041cb711c139005c210a63f15c3c030cab34e358256c4375a06aba
29800b7d8e8c3c60918a37c992a2890b4ccf9e4e0c949accd48821302d0f2891
30eb1963753aa4a9d4987f1e43c684d91b1b9ca11202a7f751bc621a0149cb19
45dbdfee969f471810b5c4940e8bf57a5ce301467329ee9e6d220a93231892a7
a8f6d5c53f1ce4b3841a24cff74e977bd18ee5d4a7566252f9aed42b4fd01b4d
db0b892ea1b776ac1324cdb701d9d5fe49e4817259e93cedf8249ed3f9983664
db433304c3e22d8222cfe510e8548515c9dccfc9f080f94efc67aa11f44a6b3f
f4ca965db7cfd5944b5d6902f391f91f7c3994973955f2af97a91ec146977cc4
+ 21 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210119-xld32xqnl6/
Unpacked files
SH256 hash:
b0c7093da2b6ad44eb3515b4d12036a55ac08b68f8d62d8ce9d28e759be9c48c
MD5 hash:
543c7a7a771a8d4c06a13b5697db8ad5
SHA1 hash:
872fec0de6abf741b5238de50b542deb37f2585b
Link:
https://www.unpac.me/results/dddb9b21-55ea-4c3d-8104-9da45aca52c2/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/b0c7093da2b6ad44eb3515b4d12036a55ac08b68f8d62d8ce9d28e759be9c48c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

z c2013af679a886c54c8773d25d0dc20e762c43c999502897a68d54bd54be36ef

Executable exe b0c7093da2b6ad44eb3515b4d12036a55ac08b68f8d62d8ce9d28e759be9c48c

(this sample)

  
Dropped by
MD5 750c20ba47dcfca7ed3381b1b58cf2b6
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/112752/
  
Dropped by
SHA256 c2013af679a886c54c8773d25d0dc20e762c43c999502897a68d54bd54be36ef

Comments