MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 efbb83a531b88d0820d36410356cc4c8deef25deaa8da351a963dd51eadf8048. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: efbb83a531b88d0820d36410356cc4c8deef25deaa8da351a963dd51eadf8048
SHA3-384 hash: bd27ac3fbfcb47db6772b2e352a1bfff5c358daae2eb6faf6b15316b9758a4ea162dc5dc9833538ad5b544cf4d427594
SHA1 hash: 0e7a7c7abb5df0b93935e7e1bf6c620040c49b20
MD5 hash: f75e7dcdd30bb326e01f01df143f6425
humanhash: low-spring-carbon-robin
File name:May10-Invoice-DocuSign-91218.html
Download: download sample
File size:528'295 bytes
First seen:2023-05-27 02:07:53 UTC
Last seen:Never
File type: html
MIME type:text/html
ssdeep 12288:mla6QGjDAqEgMGmyvZIojQZ4gtAm2m1M7O2DZ5NXBci4LDmL:mlllDJBZgtAxO2l5NR7L
TLSH T160B41256CF681FAE6D5807884C945E8F4CCEAD222832D5F4D3EF701F862DD950639E2A
Reporter malware_traffic
Tags:159-65-42-223 html

Intelligence

File Origin
# of uploads :
1
# of downloads :
137
Origin country :
US US
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.67253293.2350.13478.UNOFFICIAL
Create hunting rule

Verdict:
No Threat
Threat level:
  2/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/6471660342f2f4acc9c62660/reports/2c5f093f-cc3b-4a5b-a7c5-f4e3213ddb57/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/efbb83a531b88d0820d36410356cc4c8deef25deaa8da351a963dd51eadf8048
Result
Verdict:
UNKNOWN
Result
Threat name:
n/a
Detection:
malicious
Classification:
expl
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1243649
Signature
Blob-based file download detected
Downloads suspicious files via Chrome
HTML document with suspicious name
Suspicious execution chain found
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 876657 Sample: May10-Invoice-DocuSign-91218.html Startdate: 27/05/2023 Architecture: WINDOWS Score: 56 57 HTML document with suspicious name 2->57 59 Blob-based file download detected 2->59 61 Downloads suspicious files via Chrome 2->61 63 Suspicious execution chain found 2->63 8 chrome.exe 9 2->8         started        process3 dnsIp4 51 192.168.2.1 unknown unknown 8->51 53 192.168.2.4 unknown unknown 8->53 55 239.255.255.250 unknown Reserved 8->55 39 C:\...\May10-2023-Invoice-DocuSign.zip (copy), Zip 8->39 dropped 41 May10-2023-Invoice...p.crdownload (copy), Zip 8->41 dropped 43 May10-2023-Invoice...Sign (1).zip (copy), Zip 8->43 dropped 12 unarchiver.exe 3 8->12         started        14 unarchiver.exe 4 8->14         started        16 chrome.exe 8->16         started        file5 process6 dnsIp7 19 cmd.exe 2 12->19         started        21 7za.exe 2 12->21         started        23 cmd.exe 2 2 14->23         started        25 7za.exe 2 14->25         started        45 www.google.com 142.250.203.100, 443, 49701, 49711 GOOGLEUS United States 16->45 47 clients.l.google.com 142.250.203.110, 443, 49699 GOOGLEUS United States 16->47 49 2 other IPs or domains 16->49 process8 process9 27 wscript.exe 19->27         started        29 conhost.exe 19->29         started        31 conhost.exe 21->31         started        33 wscript.exe 23->33         started        35 conhost.exe 23->35         started        37 conhost.exe 25->37         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/efbb83a531b88d0820d36410356cc4c8deef25deaa8da351a963dd51eadf8048/
Threat name:
Script-JS.Trojan.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2023-05-10 23:16:40 UTC
AV detection:
5 of 23 (21.74%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=565yhjjrxcgqqigtmqidk3gezdpo6jo6vkg2gunjmpovd2w7qbea._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.30
Link:
https://yomi.yoroi.company/submissions/efbb83a531b88d0820d36410356cc4c8deef25deaa8da351a963dd51eadf8048

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:html_auto_download_b64
Create hunting rule
Author:Tdawg
Description:html auto download
Rule name:QbotStuff
Create hunting rule
Author:anonymous

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments