MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f7f5b14745f49ef2b4f846d53003caeecdfce9e4540db03febfd36b58cf1e805. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f7f5b14745f49ef2b4f846d53003caeecdfce9e4540db03febfd36b58cf1e805
SHA3-384 hash: 2f3b5b3ce7f76fc95cb3685b4799b1a06d9f9600231887124ab3d06f96900db051caf1d85b72aa73885736acca76fba7
SHA1 hash: 5df3cc3576324cbd378ebddc4109a42ba33a033a
MD5 hash: 4a1e3a4d8ea9e587ddc9ba6392c6e324
humanhash: cold-six-vegan-angel
File name:DHL AWB 0244234113324400 Pdf.exe
Download: download sample
File size:848'384 bytes
First seen:2021-01-07 17:41:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (49'070 x AgentTesla, 20'026 x Formbook, 12'352 x SnakeKeylogger)
ssdeep 24576:5CSRYmjm4X3PXopPLW9seLE6OjeIm925DF:PYmjm4X3P4zz55Z
Threatray 3 similar samples on MalwareBazaar
TLSH 6905BF50A7EA6BB0F1BF873C95BE000097F5A180D39ACB3E7D9260EC1952706E975637
Reporter abuse_ch
Tags:DHL exe HostGator


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: gateway30.websitewelcome.com
Sending IP: 192.185.192.34
From: buyer@kreassindo.com
Subject: AWB - SHIPPING DOCUMENTS
Attachment: DHL AWB 0244234113324400 Pdf.gz (contains "DHL AWB 0244234113324400 Pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
124
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
DHL AWB 0244234113324400 Pdf.exe
Verdict:
Malicious activity
Analysis date:
2021-01-07 17:46:25 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/f09b2187-951c-4e15-aa89-3050c994b484

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/110867/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Unauthorized injection to a recently created process
Creating a file
Result
Threat name:
Unknown
Detection:
clean
Classification:
n/a
Score:
3 / 100
Link:
https://www.joesandbox.com/analysis/576075
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f7f5b14745f49ef2b4f846d53003caeecdfce9e4540db03febfd36b58cf1e805/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-01-07 17:42:07 UTC
AV detection:
12 of 28 (42.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6723cr2f6sppfnhyi3ktaa6k53g7z2pekqg3ap7l7u3lldhr5acq._file
Verdict:
unknown
Similar samples:
2b8fa632ea18de00ff38bf12f6170cb14a0aae7aca07bdf0907f7dafcf679afe
423ce9320e357189663367f227063aaad82e4d61f35e4566621de49723d710fb
8428c5045d1fbd4ae7c0c020024e03ee55ac6c4116b4bd3dbcc4e9bf2580d727
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210107-tjlnxxeh5j/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Unpacked files
SH256 hash:
f7f5b14745f49ef2b4f846d53003caeecdfce9e4540db03febfd36b58cf1e805
MD5 hash:
4a1e3a4d8ea9e587ddc9ba6392c6e324
SHA1 hash:
5df3cc3576324cbd378ebddc4109a42ba33a033a
Link:
https://www.unpac.me/results/071c784a-0ce0-471e-ada0-fba35bc37073/
SH256 hash:
78cc69e2bac1d1082fdcd12ab9f73c8fbe177d4c77c3741a1f675afc19fde7df
MD5 hash:
0d89407b450dd157f3eac8a3a3850a07
SHA1 hash:
ae3cd291f2a022360896d4fae4f005f2b50a8364
Link:
https://www.unpac.me/results/071c784a-0ce0-471e-ada0-fba35bc37073/
SH256 hash:
c2133cf1d8ecf8f5fe2f8cfd1423860c28f5bb7fcc71d6e24ca28967d898625a
MD5 hash:
51ba7b7855e030cbae3f1c7fcc5c18e7
SHA1 hash:
3e5806818975352eef1fd10b70ff6442c8dbd14b
Link:
https://www.unpac.me/results/071c784a-0ce0-471e-ada0-fba35bc37073/
SH256 hash:
841387484fb7de5e01c250eed72af8f53c3d5cc1d71bf467b50a9d2fe45818fa
MD5 hash:
b6f66f81d057ea16888b9e6047a1e129
SHA1 hash:
9a456fc772d2c75d131d03e48db506c61ee09918
Link:
https://www.unpac.me/results/071c784a-0ce0-471e-ada0-fba35bc37073/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f7f5b14745f49ef2b4f846d53003caeecdfce9e4540db03febfd36b58cf1e805

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

gz bff4b349a21a3ece72af4054be94e808a9f1bd50a36c1dcf8b7121deac6cf841

Executable exe f7f5b14745f49ef2b4f846d53003caeecdfce9e4540db03febfd36b58cf1e805

(this sample)

  
Dropped by
MD5 dbf1ea52ba47ba537e9fee54b6da7e7d
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/110867/
  
Dropped by
SHA256 bff4b349a21a3ece72af4054be94e808a9f1bd50a36c1dcf8b7121deac6cf841

Comments