MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b6177b19a010725f003f7828862f9217af33f3b38a517a40c94c7e8174a91c95. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Renamer


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b6177b19a010725f003f7828862f9217af33f3b38a517a40c94c7e8174a91c95
SHA3-384 hash: bcc0f297ad471d05b4374133fad9d574c08bb8b0195562e57269849ed153d5447231a84393bd3745185f9c6c6a6db491
SHA1 hash: 2a90d678ae6cc69dad4b13b7f8ac8f9312940269
MD5 hash: 61e2a89e1c0a05bcb513a0b7cbcc571d
humanhash: hot-fifteen-eleven-cup
File name:DHL PARCEL AWB 1377649875.exe
Download: download sample
Signature Renamer
Create hunting rule
File size:1'576'960 bytes
First seen:2020-10-26 14:10:58 UTC
Last seen:2020-10-26 14:11:15 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 2f095340e94ca508e3b83fb009ebf4cc (18 x Renamer)
ssdeep 24576:XcCT67wHqWis4l+jIACFr5hqjiLDpSJDN93pqb6W8cU4gLQBBtA:MCpn8t74iA3qb6W8cU4LB2
Threatray 506 similar samples on MalwareBazaar
TLSH 9775010BDDEF116BFC552B71D02548B310FBF9F60E464722B6E1E60D2A70FA166384A6
Reporter abuse_ch
Tags:DHL exe Renamer


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: alhattabholding.com
Sending IP: 162.241.156.197
From: DHL DELIVERY REPORT/ AWB <angelaroslan@yahoo.com>
Reply-To: angelaroslan@yahoo.com
Subject: DHL PENDING PARCEL /DHL ARRIVAL NOTIFICATION !
Attachment: DHL PARCEL AWB 1377649875.rar (contains "DHL PARCEL AWB 1377649875.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Renamer
Create hunting rule
Link:
https://www.capesandbox.com/analysis/79157/
Detection(s):
Win.Packed.Ponystealer-6733035-0
Create hunting rule

Win.Trojan.VBGeneric-6989114-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/511901
Signature
Antivirus / Scanner detection for submitted sample
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b6177b19a010725f003f7828862f9217af33f3b38a517a40c94c7e8174a91c95/
Threat name:
Win32.Trojan.DistTrack
Create hunting rule
Status:
Malicious
First seen:
2019-06-17 03:20:00 UTC
AV detection:
29 of 29 (100.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wylxwgnacbzf6ab7pauiml4sc6xth45trjixuqgjjr7ic5fjdskq._file
Verdict:
unknown
Similar samples:
53174a644680154786d09b66cc8c4a1aa83c625bd10137600bf191573fa5c602
Renamer
67f4f7cc31f0ceaa09aee924d8930f653f2af08870b66ae7b4258200908a3c9a
Renamer
686eca2834dd77a34fa608e4cd4507c6ac57613a41a705ad848b81fe8dbfcec4
Renamer
840fcf3e185f0a54e8f1aee00cbcaa8b452a7f45bedb258e3afef8cb9fd3e0fd
Renamer
93a1f0fa0637acd096c86ec4d7d3c6f73f689bf41f3cd16b5e5bcce48dcdc540
Renamer
99a98bc6f2caf5e6fe3e6ada1af35586392ea48a28bc601522bed98454cc6af6
Renamer
ab703a3bc7d05c62bcc127febfd82a7903a47f45664b5195ada070eb748d5b25
Renamer
be98190a6bf8bc5b3781fd7e68b8d57d5a0bc2b9c66a7106dd32495b44a9154d
Renamer
d488fdd8ec36dfc1fdb311acf96de17d0a2a06ee3ef24eafc5a3d61708889f8a
Renamer
e78fc612cad822b8532351787c4da091dd4ddbfc499d3563050b21c6ba5c0fef
Renamer
+ 496 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201026-7pmts2sbhn/
Behaviour
Suspicious use of SetWindowsHookEx
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:MALWARE_Win_Renamer
Create hunting rule
Author:ditekSHen
Description:Detects Renamer/Tainp variants

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Renamer

rar 7dd62898d277998f952cd4d97408dd547fd4034c4bc5fe45d47db0f4b3c151b0

Renamer

Executable exe b6177b19a010725f003f7828862f9217af33f3b38a517a40c94c7e8174a91c95

(this sample)

  
Dropped by
MD5 4e6c868b95728b7ae58d9d279d453529
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 7dd62898d277998f952cd4d97408dd547fd4034c4bc5fe45d47db0f4b3c151b0
Cape
Cape
https://www.capesandbox.com/analysis/79157/

Comments