MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b0e13f7370b44797c5c05291a3b03f280286263083d2f7c719defbdd55b42dcb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	b0e13f7370b44797c5c05291a3b03f280286263083d2f7c719defbdd55b42dcb
SHA3-384 hash:	e495adea8745f16129d036c77492d2ee7fe53c87172ad053836e5f3901f0cfd3221a5d198ced7d370dae8fd27b663924
SHA1 hash:	c44a04b98aae0ed54792ff4685c6dce994d72b20
MD5 hash:	47641ffea7b676f433fbdf9cd66b4b5b
humanhash:	arkansas-seven-whiskey-undress
File name:	Invoice-DocuSign-May25-2023.zip
Download:	download sample
File size:	26'844 bytes
First seen:	2023-05-25 16:02:35 UTC
Last seen:	2023-05-27 02:06:09 UTC
File type:	zip
MIME type:	application/zip
ssdeep	384:420CGuMMgOuTVcLSm48aSWty+vGjNMagBrwIbJc4ZiJ52+234ANe5k6benM29TJx:49CGuMuGea4jQ+T52767U9HJHOJBmr
TLSH	T113C2F1063DB6FC6EF7985323AAC03993DA49472123BB6095322641167FABD214CE5DB1
TrID	80.0% (.ZIP) ZIP compressed archive (4000/1) 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter	0xToxin
Tags:	159-65-42-223 zip

Intelligence

File Origin

# of uploads :

# of downloads :

118

Origin country :

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:	Invoice-DocuSign-May25-2023.js
File size:	53'183 bytes
SHA256 hash:	e1a85757d9a5750078f646461f6bd61dede7236bab90451321ea9b043dcd20f0
MD5 hash:	78d170235bb001ce8e24d4a3a5b0be6f
MIME type:	text/plain

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Foxhole.JS_Zip_1.UNOFFICIAL

Result

Verdict:

Clean

File Type:

JS File

Link:

https://app.docguard.net/b0e13f7370b44797c5c05291a3b03f280286263083d2f7c719defbdd55b42dcb/results/dashboard

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

obfuscated

Link:

https://www.filescan.io/uploads/646f86b58fadc1369d1e2e0a/reports/31966270-f3cf-4f96-aae7-4cbbec66a63c/overview

Verdict:

Malicious

Labled as:

HEUR/Suspar.Generic

Link:

https://www.hybrid-analysis.com/sample/b0e13f7370b44797c5c05291a3b03f280286263083d2f7c719defbdd55b42dcb

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/b0e13f7370b44797c5c05291a3b03f280286263083d2f7c719defbdd55b42dcb

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b0e13f7370b44797c5c05291a3b03f280286263083d2f7c719defbdd55b42dcb/

Threat name:

Script-JS.Malware.Callisto

Status:

Malicious

First seen:

2023-05-25 16:03:03 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

6 of 23 (26.09%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=wdqt643qwrdzproakki2hmb7fabimjrqqpjppryz33552vnufxfq._file

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/230525-tmxqwsbb63/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample