MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b38b6f65ea22d5f5b8c1a3a7073c2743c746e2f24a30290353a86fedc078c5b4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b38b6f65ea22d5f5b8c1a3a7073c2743c746e2f24a30290353a86fedc078c5b4
SHA3-384 hash: d0782d144ebb205c17caa5509e5b1d53291cdacb0ba0e68ae9f6ab18b3afd4cfc2bd48bb9c0a7a910953483133134873
SHA1 hash: 0c69332bf36ad776ee6286f32fe140c823a77fd8
MD5 hash: ba408548665d6bb1e307867ccb9ecf57
humanhash: ten-carpet-september-pizza
File name:DHL AWB 60073535404.xz
Download: download sample
File size:769'381 bytes
First seen:2021-10-13 07:04:42 UTC
Last seen:Never
File type: zip
MIME type:application/octet-stream
imphash ae9f6a32bb8b03dce37903edbc855ba1 (28 x CryptOne, 18 x RedLineStealer, 15 x njrat)
ssdeep 12288:HG/onGprkMB62cAyPacr+DV8zNlpX+t4MYoYWjo0bWvKsJzcBK44kPqCoscm518g:b062cSEk8zNlLyYX0PMzyKUBpRWxbC
Threatray 978 similar samples on MalwareBazaar
TLSH T1B6F402117AD08471D172293445F9A331AA387D205F388AEF93D47B2D4E345D2AF3AB6B
File icon (PE):PE icon
dhash icon 9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter abuse_ch
Tags:DHL xz zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
129
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware overlay packed
Link:
https://www.filescan.io/uploads/61668523fd35fe780c3c9dc4/reports/e9065473-c69d-4f81-a686-a16a364e3f46/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b38b6f65ea22d5f5b8c1a3a7073c2743c746e2f24a30290353a86fedc078c5b4/
Threat name:
ByteCode-MSIL.Backdoor.NanoBot
Create hunting rule
Status:
Malicious
First seen:
2021-10-13 07:05:14 UTC
AV detection:
15 of 42 (35.71%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wofw6zpkelk7logbuotqopbhipdunyxsjiycsa2tvbx63qdyyw2a._file
Verdict:
malicious
Similar samples:
12c65e9b2189c8853552288feac6470dcc8ffe458f33c43d95146a420045c7ac
384b35bfb6d07dda3ea948bb9aa47a3024822ff40d21a13932381d6386643acc
8346802296fc33b77a434c410fee9e054ce3f670a74907d603a521128465b90b
8358e817e423f16dcdcd3f213229f7b7b63de4a1ccce5f7ab07997a57183f758
ab7553549ec32422ee868e71eb96fae87439a4c1333e400d455f31d0b74c8ef2
e386c831df697e516fedcab1ad8a879ae057a5f4f321a873dcd31e9c6760009e
eddbfe52ba633950c388e0303d5a04453f9ba9e3a3cdc60f9a1355707cd209e6
+ 968 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/211013-hwhsjsdfh8/
Behaviour
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b38b6f65ea22d5f5b8c1a3a7073c2743c746e2f24a30290353a86fedc078c5b4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments