MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c60da7a3127421c401c63b14d91a6d3677d55dc70c2a5efb23580b328bb113c4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c60da7a3127421c401c63b14d91a6d3677d55dc70c2a5efb23580b328bb113c4
SHA3-384 hash: b3c422c7140c7b95ece1d1fa332401ce6dddd78efee895b897830b80066ca59279679a8b3e6a61c6dc2439df2c836a82
SHA1 hash: 082af605ac2cf17ee8e790f714eca207487c3d22
MD5 hash: 3b0e249643093eb9a226520b66d9f1e0
humanhash: four-kentucky-robin-pip
File name:S O A -474-84RNEHDR8.zip
Download: download sample
File size:280'330 bytes
First seen:2023-01-27 07:19:03 UTC
Last seen:2023-01-27 07:19:21 UTC
File type: zip
MIME type:application/zip
ssdeep 6144:4SFGWgU98OpBXCAVB8ltpay+wRywL1zPz/RTCSID:4SEWn93QZvxZjbO
TLSH T193542342303DE2F0F37B6716E44FD480F1A3D26BA38EC64578E801AB45249A0FDBA567
TrID 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter cocaman
Tags:payment zip


Avatar
cocaman
Malicious email (T1566.001)
From: "overseas6@oceanbright.com.cn" (likely spoofed)
Received: "from hosted-by.rootlayer.net (unknown [45.137.22.136]) "
Date: "26 Jan 2023 14:20:08 +0100"
Subject: "RE:SOA OF DEC, pls check"
Attachment: "S O A -474-84RNEHDR8.zip"

Intelligence

File Origin
# of uploads :
2
# of downloads :
109
Origin country :
n/a
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:S O A -474-84RNEHDR8.exe
File size:905'216 bytes
SHA256 hash: fb8fdb08cf7984a3bac0cc7daeea3790a92306467543cf556945fc479a165dd8
MD5 hash: 1a9fc43e49a403d8ebec004626492384
MIME type:application/x-dosexec
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Rogue.0hr.20230126-1133.UNOFFICIAL
Create hunting rule

Result
Verdict:
Unknown
File Type:
PE File
Link:
https://app.docguard.net/c60da7a3127421c401c63b14d91a6d3677d55dc70c2a5efb23580b328bb113c4/results/dashboard
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-vm
Link:
https://www.filescan.io/uploads/63d37b24905a5ac3b908ef47/reports/0f728be4-27f5-4261-9a08-9987586ac1bb/overview
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/c60da7a3127421c401c63b14d91a6d3677d55dc70c2a5efb23580b328bb113c4
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c60da7a3127421c401c63b14d91a6d3677d55dc70c2a5efb23580b328bb113c4/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-01-26 16:13:24 UTC
File Type:
Binary (Archive)
Extracted files:
44
AV detection:
16 of 38 (42.11%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=yyg2piysoqq4iaoghmknsgtngz35kxohbqvf56zdlaftfc5rcpca._file
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/230127-jlyxfshh84/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/c60da7a3127421c401c63b14d91a6d3677d55dc70c2a5efb23580b328bb113c4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip c60da7a3127421c401c63b14d91a6d3677d55dc70c2a5efb23580b328bb113c4

(this sample)

Executable exe fb8fdb08cf7984a3bac0cc7daeea3790a92306467543cf556945fc479a165dd8

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 fb8fdb08cf7984a3bac0cc7daeea3790a92306467543cf556945fc479a165dd8

Comments