MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d351e6436247da7b9b874b9ab0f367070e903cf5121c70fb4a858e3e6ec9fae3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d351e6436247da7b9b874b9ab0f367070e903cf5121c70fb4a858e3e6ec9fae3
SHA3-384 hash: 0bf075206aba0a7cce538de9784c9ec5b395da06d055fecab57c6c524b381f881f221b3296c36c742d7ac973d8d72c42
SHA1 hash: add3cc2fa2d0d0c9313194ae2be04708734caa5a
MD5 hash: 175d5fb2a77a4ea92200fc10b37071d5
humanhash: oklahoma-video-spring-september
File name:COMMERCIAL INVOICE Nº 0001792E21 PDF.gz
Download: download sample
File size:10'631 bytes
First seen:2021-04-12 06:24:54 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 192:x0Ay5Eb6uSqqDcZNcX80TfeaVoHw3ygeRRwcZ3XzeKbICv:xpyaSqKX8u2giweZ6uv
TLSH 2022CF2710341C8EFE9569312C8CFC7DE359958844C8DC39A7D09FA82F86AA3934FB42
Reporter abuse_ch
Tags:gz


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mail.gulzd.com
Sending IP: 86.105.252.172
From: Invoice Petrolbras <Invoice@petrobras.com.br>
Subject: Sales Invoice & BDN
Attachment: COMMERCIAL INVOICE Nº 0001792E21 PDF.gz (contains "COMMERCIAL INVOICE Nº 0001792E21.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
102
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_fn25.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/d351e6436247da7b9b874b9ab0f367070e903cf5121c70fb4a858e3e6ec9fae3
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d351e6436247da7b9b874b9ab0f367070e903cf5121c70fb4a858e3e6ec9fae3/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-04-12 03:12:22 UTC
AV detection:
4 of 48 (8.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2ni6mq3ci7nhxg4hjonlb43ha4hjaphvciohb62kqwhd43wj7lrq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210412-c3f1kjs792/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d351e6436247da7b9b874b9ab0f367070e903cf5121c70fb4a858e3e6ec9fae3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip d351e6436247da7b9b874b9ab0f367070e903cf5121c70fb4a858e3e6ec9fae3

(this sample)

Executable exe 3391f042d36df8b46c88b59509fd9838901d8b351c7bcbada9c63e0e500e5f68

  
Dropping
MD5 e5150ff409b4ef3ba63d076de8523485
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3391f042d36df8b46c88b59509fd9838901d8b351c7bcbada9c63e0e500e5f68

Comments