MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d3312dc17f22aaba92b73f085efc4013f4b910d793608a6c755b2ba4aeebd13d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d3312dc17f22aaba92b73f085efc4013f4b910d793608a6c755b2ba4aeebd13d
SHA3-384 hash: 8059abb14f314d056315132ee990529c80eb15e75040cff1fea210026b9c0d3f72fb6b618220673cb0e3f14a8f8ce4f4
SHA1 hash: b57886425b42506b17590762f6df79a39d5e0ed0
MD5 hash: 85775c31dfbb6e0df334838bff7adbad
humanhash: fifteen-twenty-november-arizona
File name:Order List_pdf.exe
Download: download sample
File size:934'400 bytes
First seen:2020-12-08 07:52:16 UTC
Last seen:2020-12-08 09:31:25 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:Mbv27SFKj8fRmlnTfDKt1fmbirfMmN4b+T/1bveIWAJEdl0sTvr7pRZtAzMRt19z:Mq7EKjsmTD2RNh9bveIeY+HCMRt19R
Threatray 12 similar samples on MalwareBazaar
TLSH 4415BF349FB8053AF57BAB7C86A02445A7AE37E37707CD6C59B602C90723A42D9C163D
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mail.palmercreative.co.uk
Sending IP: 185.217.43.142
From: Saskia Zepf <szepf@zepf-medical-instruments.de>
Subject: Urgent Back Order List !
Attachment: Order List_pdf.gz (contains "Order List_pdf.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
109
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/107188/
Detection(s):
SecuriteInfo.com.Artemis85775C31DFBB.16352.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Launching the default Windows debugger (dwwin.exe)
Result
Gathering data
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/557688
Signature
.NET source code contains very large strings
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d3312dc17f22aaba92b73f085efc4013f4b910d793608a6c755b2ba4aeebd13d/
Threat name:
ByteCode-MSIL.Trojan.Bulz
Create hunting rule
Status:
Malicious
First seen:
2020-12-08 07:53:10 UTC
AV detection:
15 of 28 (53.57%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2mys3ql7ekvlvevxh4ef57cacp2lsegxsnqiu3dvlmv2jlxl2e6q._file
Verdict:
unknown
Similar samples:
1989b7078501dfe26669ba2af737ed8dba616acb527193e3c64eaf3a1942c5b8
4cf9aa6df9472ddba54a9104d6d559229da3796b96a8dcd2a9ed52873f7359e5
58322659acfc21d063a2acb0d64ea2846d21ab2e256b0ae4f83646ff03bf2387
5df2f562749ce15ad7236e5ddf98ca6d8345c6edb40d7d9b7363b3dac26c4a83
6fa5193499b368d6d8019e1d0911bfd896de0e79250f6b1bf9f371c7f213f12f
c8bc2bde7ab29368fc3ac5e32367bf63156514940465721908846bcc353eec27
d805b37ff430c59fbac19f5ccbbaa2eec750849def87f05c7bf14e68f8531416
dcb39be80203e5de62b87f99b5fe21eb25556d58c9d654156850995e86f1f4ba
de10e041ff3250edccbe8a5edee50e9812620a3fff80de82545f018ad24cca0b
ff21de6f802e53369430d704c5372b8598c4ffdb7a693664ef22422c04b84c5f
+ 2 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201208-xbfzpet4we/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
d3312dc17f22aaba92b73f085efc4013f4b910d793608a6c755b2ba4aeebd13d
MD5 hash:
85775c31dfbb6e0df334838bff7adbad
SHA1 hash:
b57886425b42506b17590762f6df79a39d5e0ed0
Link:
https://www.unpac.me/results/4557fb31-77ab-4d26-90d3-c7e517d5126b/
SH256 hash:
9584f6d01e6452371cc9b4828030a13045d99c243c497b63628828e66aabe26f
MD5 hash:
7476e403eef14ac403c63c7279831780
SHA1 hash:
8387f558e30dc115987ac2b5c174a41302471abf
Link:
https://www.unpac.me/results/4557fb31-77ab-4d26-90d3-c7e517d5126b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.48
Link:
https://yomi.yoroi.company/submissions/d3312dc17f22aaba92b73f085efc4013f4b910d793608a6c755b2ba4aeebd13d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

gz ea861a2eb0cada8eb644eede9894d81b2bad01094369c7eb979d623f8a7a276a

Executable exe d3312dc17f22aaba92b73f085efc4013f4b910d793608a6c755b2ba4aeebd13d

(this sample)

  
Dropped by
MD5 d3adf5ce29e8422397ef5d52d1232b1e
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/107188/
  
Dropped by
SHA256 ea861a2eb0cada8eb644eede9894d81b2bad01094369c7eb979d623f8a7a276a

Comments