MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e7038fea8e971069b99dccef6ab0242e2faaa33c6cc6f29afe6c0c37ac2645bb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e7038fea8e971069b99dccef6ab0242e2faaa33c6cc6f29afe6c0c37ac2645bb
SHA3-384 hash: d2ca88cfee679218c5d9d6574e20bf8cdc002d8e34965f18aa9a25239ca4dadb9ca3875ab74464e833804a8c15a029f6
SHA1 hash: c43a08f031048285a6f4553e919ba74e6b2035c9
MD5 hash: 41da8bff58b02dec26e2473ce6c764ee
humanhash: triple-sweet-table-texas
File name:AWB - Invoice And Shipping Documents.exe
Download: download sample
File size:791'552 bytes
First seen:2021-01-08 08:11:37 UTC
Last seen:2021-01-08 09:50:47 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (49'070 x AgentTesla, 20'026 x Formbook, 12'352 x SnakeKeylogger)
ssdeep 12288:Qx8EbQzCcXFmCgLtJ79MEnzFav4S/5ATR1rJ+T+SMkeZwfq3OZu:gvs9XIpxaN/5eLJfHji2OZu
Threatray 10 similar samples on MalwareBazaar
TLSH C8F4AE50A7AA6BB0F1BF877CE4BD000197F4B180D39AD73E6EA160EC1952706E875637
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: lrs1.layerip.com
Sending IP: 176.74.19.164
From: Ms. Kathy Chi <accounts@radiantqatar.com>
Subject: AWB N0: 3029****6411 ready for pick-up
Attachment: AWB - Invoice And Shipping Documents.gz (contains "AWB - Invoice And Shipping Documents.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
111
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
AWB - Invoice And Shipping Documents.exe
Verdict:
Malicious activity
Analysis date:
2021-01-08 08:14:28 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/98ebdf43-5af5-43ac-899b-35d17a38aa86

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/110927/
Detection(s):
SecuriteInfo.com.Trojan.Packed2.42782.5008.26200.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/576533
Signature
Initial sample is a PE file and has a suspicious name
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e7038fea8e971069b99dccef6ab0242e2faaa33c6cc6f29afe6c0c37ac2645bb/
Threat name:
ByteCode-MSIL.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2021-01-08 08:12:24 UTC
AV detection:
13 of 46 (28.26%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=44by72uos4igtom5ztxwvmbefyx2viz4ntdpfgx6nqgdplbgiw5q._file
Verdict:
unknown
Similar samples:
24909df72e40bc65814a062bf17e5cd688e590b5714fdfdcc8db521bc1705db8
2b8fa632ea18de00ff38bf12f6170cb14a0aae7aca07bdf0907f7dafcf679afe
423ce9320e357189663367f227063aaad82e4d61f35e4566621de49723d710fb
4ee3ccc5e44ba8a78e9555dc582e5cf75427c95a24afba1aaae2f365fd97feef
5f671b1c0644745816b1ccb89f46eb2d7966feedae3d542d1565a7ebf0b6a5e0
8428c5045d1fbd4ae7c0c020024e03ee55ac6c4116b4bd3dbcc4e9bf2580d727
94329df75d76c02854c7c90c2c690293c9d17ad42ca1693cb7adadff87a4279f
ce9d76d3febfe1af8c81e6e9d25a70add6fa49a2ff6f36aaf20be9e0e03d8a16
e51ad389e78c6265cc5bf18f7bc1533052cc247621c27892ea3120339461f8cf
f7f5b14745f49ef2b4f846d53003caeecdfce9e4540db03febfd36b58cf1e805
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210108-k1qsz4bq42/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
e7038fea8e971069b99dccef6ab0242e2faaa33c6cc6f29afe6c0c37ac2645bb
MD5 hash:
41da8bff58b02dec26e2473ce6c764ee
SHA1 hash:
c43a08f031048285a6f4553e919ba74e6b2035c9
Link:
https://www.unpac.me/results/f4b8bd99-34d3-467a-860d-a23ca702b0cc/
SH256 hash:
78cc69e2bac1d1082fdcd12ab9f73c8fbe177d4c77c3741a1f675afc19fde7df
MD5 hash:
0d89407b450dd157f3eac8a3a3850a07
SHA1 hash:
ae3cd291f2a022360896d4fae4f005f2b50a8364
Link:
https://www.unpac.me/results/f4b8bd99-34d3-467a-860d-a23ca702b0cc/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e7038fea8e971069b99dccef6ab0242e2faaa33c6cc6f29afe6c0c37ac2645bb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

gz 5fa431dfdaeef7c1904228aeeee71839d484d3bde55b9886203fc23fa5008e8f

Executable exe e7038fea8e971069b99dccef6ab0242e2faaa33c6cc6f29afe6c0c37ac2645bb

(this sample)

  
Dropped by
MD5 b6dd9f58bef545ae46d2a3707a640ac8
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 5fa431dfdaeef7c1904228aeeee71839d484d3bde55b9886203fc23fa5008e8f
Cape
Cape
https://www.capesandbox.com/analysis/110927/

Comments