MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 db6521c8f6596403e98117b5cb2ed2817714acac93db385d9a103941222db3ee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	db6521c8f6596403e98117b5cb2ed2817714acac93db385d9a103941222db3ee
SHA3-384 hash:	a8df9e70bd909788fae687eed582a125b017783ab716aa25f3e253ab330b25844963f924d74191c1b6b31204ab3f41c0
SHA1 hash:	18ae3e1a0b5f07b61f8cfe5a7629973530db1cd9
MD5 hash:	a3a759597b2a42bb9f521a91ff5b78dd
humanhash:	november-london-foxtrot-nuts
File name:	PAYMENT DETAILS.zip
Download:	download sample
Signature	AgentTesla Alert Create hunting rule
File size:	721'767 bytes
First seen:	2023-12-19 17:06:53 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	12288:46fSNDR/wHkjDNGUY3QspGgg0KAqWcOR2zk5H4Oprsv8YUOsJ:1fSNd/wHkjDNGUaQs7KA+OcUHhpr3OsJ
TLSH	T1C4E433E3FA105165E565362E4A0DE86F31A098CFD0BFEBB9F502937189A01B18D5F3B1
TrID	80.0% (.ZIP) ZIP compressed archive (4000/1) 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter	cocaman
Tags:	AgentTesla payment zip

cocaman

Malicious email (T1566.001)
From: "fjahangir.cs@optimaxbd.net" (likely spoofed)
Received: "from mail.optimaxbd.net (mail6.optimaxbd.net [203.112.73.74]) "
Date: "Tue, 19 Dec 2023 09:11:07 +0100"
Subject: "RE:PAYMENT SLIP"
Attachment: "PAYMENT DETAILS.zip"

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

210

Origin country :

CH

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

Relevant files 1

File name:	PAYMENT DETAILS.exe
File size:	949'760 bytes
SHA256 hash:	a738ef5ae6576c2ca7356087a74f73ccaa72858d887be25bbdf6f59dce37edff
MD5 hash:	b8db7cf9c446f34524697ed2bc30371b
MIME type:	application/x-dosexec
Signature	AgentTesla

Vendor Threat Intelligence

ClamAV Detected

Detection(s):

Sanesecurity.Foxhole.Zip_fs3369.UNOFFICIAL

Alert

Create hunting rule

Porcupine.Malware.58887.UNOFFICIAL

Alert

Create hunting rule

FileScan.IO Malicious

Verdict:

Malicious

Threat level:

  10/10

Confidence:

100%

Tags:

masquerade packed

Link:

https://www.filescan.io/uploads/6581cdb9f4b6e5e16350a929/reports/263a8a5f-8c6a-44c9-86e2-352822ce8eaf/overview

Hybrid Analysis Troj/Krypt

Verdict:

Malicious

Labled as:

Troj/Krypt

Link:

https://www.hybrid-analysis.com/sample/db6521c8f6596403e98117b5cb2ed2817714acac93db385d9a103941222db3ee

InQuest MALICIOUS

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/db6521c8f6596403e98117b5cb2ed2817714acac93db385d9a103941222db3ee

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Nucleon Malprob Malware

Score:

100%

Verdict:

Malware

File Type:

Archive

Link:

https://malprob.io/report/db6521c8f6596403e98117b5cb2ed2817714acac93db385d9a103941222db3ee

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/db6521c8f6596403e98117b5cb2ed2817714acac93db385d9a103941222db3ee/

ReversingLabs TitaniumCloud ByteCode-MSIL.Trojan.AgentTesla

Threat name:

ByteCode-MSIL.Trojan.AgentTesla

Alert

Create hunting rule

Status:

Malicious

First seen:

2023-12-19 12:18:54 UTC

File Type:

Binary (Archive)

Extracted files:

13

AV detection:

22 of 36 (61.11%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=3nssdshwlfsah2mbc624wlwsqf3rjlfmspntqxm2ca4ucirnwpxa._file

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Malicious File

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/db6521c8f6596403e98117b5cb2ed2817714acac93db385d9a103941222db3ee