MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c5f61a493b7fd20696bacb1d153c97b9d36ef692b539c7354e73940e9856328c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c5f61a493b7fd20696bacb1d153c97b9d36ef692b539c7354e73940e9856328c
SHA3-384 hash: b456d4365cbefb90158d5949e4ab7d30db0bb95cda67c6641fcbee41952ba82bf22665f03c9f95896bbd2e8bb3608aeb
SHA1 hash: 8ba088cad64a083e770dc32feb91d5539f4ba246
MD5 hash: 3c7346968bfeaf2db4bf60ff7e5992b5
humanhash: virginia-yellow-oregon-sweet
File name:Shipping Invoice___PDF_______1443341.exe
Download: download sample
File size:918'528 bytes
First seen:2021-04-22 06:27:49 UTC
Last seen:2021-04-22 09:09:52 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:zIG8m2ZCZiZkBMVqLQO5QbD+5ZVVwCC0V7AOGzRRRRR5qWK5:zMm2SQO5+Du2ChV8OiRRRRR5qp
Threatray 407 similar samples on MalwareBazaar
TLSH A0159E41B2A9C8BBE41722F1D896E4F422917D45EA22912F359FBE1F75F33421097E0B
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Shipping Invoice___PDF_______1443341.exe
Verdict:
Suspicious activity
Analysis date:
2021-04-22 06:46:51 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/cfe2cf6a-8ad1-4382-9948-9d27f19b40cb

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/143558/
Detection(s):
SecuriteInfo.com.Artemis3C7346968BFE.8540.19285.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/692379
Signature
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c5f61a493b7fd20696bacb1d153c97b9d36ef692b539c7354e73940e9856328c/
Threat name:
ByteCode-MSIL.Trojan.Phonzy
Create hunting rule
Status:
Malicious
First seen:
2021-04-22 03:02:03 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=yx3busj3p7janfv2zmorkpexxhjw55uswu44onkoooka5gcwgkga._file
Verdict:
suspicious
Similar samples:
25b27bf77a7d59f3bdc13c4462475432d4f4592973bf5b2e4f8c42cda3d89457
679ebf79dd090c45ab0777aea92e3f2dc6b8199eb8cd17fb7ca50e6239ccb62e
704bd3f6c7d6671e896d71bc871f415cfc78209ae32cc518e95e39e7c06f83ad
8306ecd76526e6df50a00decb52227baf35cebc06651ef7e449ace2379ec39cb
ba2915e301b95f709a0908fc0cb97a4226848f48e98af7172e246a3aff4e244f
bd299f37aa9e98b1f42640c6c588b65fb932abd4c3c4b7d258e37be327ae60a4
c4694ce810c06b60cd032b8ff67964924a0c273a81f8ca5ce55064cf9fb6ec0a
dacbe7aca7fdbfcae4a604018f5dc3e182709d5e8eb81a07a454ff376a6b9f25
f27dfa34490a595f8ad99b083d4b0e3147b183c651e41760b038339e441b8582
f3b2b42ef8cec0923c1775d70e26d43577f386e0080b5e3215f608dd33e75313
+ 397 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210422-87rjn56m1x/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AgentTesla
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c5f61a493b7fd20696bacb1d153c97b9d36ef692b539c7354e73940e9856328c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/143558/

Comments