MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 050c2d432568b83f75b1203ecea8e2a305408bc4e296161edc1ec8f381a0241f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Zyklon


Vendor detections: 2



SHA256 hash: 050c2d432568b83f75b1203ecea8e2a305408bc4e296161edc1ec8f381a0241f
SHA3-384 hash: 1f4a54c000bb45a466085c7da88f8809b5168097602a62f11d0b8dbf6e0a3faf10a296a744643050b88f46747432e07b
SHA1 hash: 01e6548f6769f3748eb7cfdd644975e7f0efb574
MD5 hash: 679fbc62ed378c6d0c6dce3481d9d118
humanhash: pasta-yellow-lamp-twenty
File name: REQUEST_FOR_QUOTATION_564892004.IMG
Signature: Zyklon
File size: 1'441'792 bytes
First seen: 2020-05-28 05:30:01 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep 12288:qOi942X8wrPLJwyJk1BrznvjFR5IzdGVbzrh8xEMU/LaXJ6j38wEXLxmSJP1v21V:JHbJdnpIsFzryEFeXJ6jsdbxmSa1r
TLSH 0265F0833A687D67C7B900F49424804473F05F5573A2F6B2BC9AB19A26F7B9C9633613
Reporter: abuse_ch
Tags: img, Zyklon


abuse_ch
Malspam distributing Zyklon:

HELO: goodluck.loseyourip.com
Sending IP: 192.119.73.65
From: accounts@alphaglancegroup.com
Subject: REQUEST FOR QUOTATION - (RFQ-564892004)
Attachment: REQUEST_FOR_QUOTATION_564892004.IMG (contains "request_for_quotation #564892004.scr")

Zyklon C2:
http://cariesglobalshipping.com/panel/upload.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 98
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Grp
Status: Malicious
First seen: 2020-05-28 02:11:08 UTC
File Type: Binary (Archive)
Extracted files: 21
AV detection: 14 of 31 (45.16%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Zyklon

img 050c2d432568b83f75b1203ecea8e2a305408bc4e296161edc1ec8f381a0241f

(this sample)

  
Dropping: Zyklon
Delivery method: Distributed via e-mail attachment

Comments