MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379
SHA3-384 hash: 7c881e6a0ed25559955466cf6a55eed85134748b2faf51a9fb674cd1c424748965789aaa824e44806608a9e013ed0892
SHA1 hash: 1dccc227caf48fd04457608023824dd9d2c75558
MD5 hash: 15c132eab35a58928b8d417f6ed1cc5c
humanhash: hydrogen-illinois-fifteen-quebec
File name: 50158701_oqTSEJ.zip
Signature: n/a
File size: 128'552 bytes
First seen: 2020-06-20 06:00:05 UTC
Last seen: 2020-06-21 08:35:38 UTC
File type: zip
MIME type: application/zip
ssdeep: 3072:EBbM9FXUuUkHj4Q7So/N0z8GucQqAepYvvF:uo9FXNUbqlV0cJeCF
TLSH: 1FC3125164EC10FEDE9223D4FB29878408B5BAF8F501F4F70625DA345CCA73C9A9E496
Reporter: @jarumlus

Intelligence


Mail intelligence
Trap location    Impact
DE (Germany)     Low
Global           High
# of uploads: 4
# of downloads: 34
Origin country: FR
ClamAV: SecuriteInfo.com.JS.Divergent.3.Gen.3148.31621.UNOFFICIAL
CERT.PL MWDB: Gathering data
ReversingLabs: Status: Malicious
Threat name: Document-Word.Trojan.Encdoc
First seen: 2020-06-19 23:42:04 UTC
AV detection: 13 of 31 (41.94%)
Threat level: 2/5
Spamhaus Hash Blocklist: Suspicious file
VirusTotal: VirusTotal results 12.70%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: zip 251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379 (this sample)

Delivery method: Distributed via e-mail attachment

Comments



Corsin Camichel commented on 2020-06-20 11:17:13 UTC

dropping_sha256: 9f0d3b49b6eea3eff22dce2838b10e8e3b03c45f31212f8d26ae31cd576f1104

Corsin Camichel commented on 2020-06-20 11:16:23 UTC

Malicious email
From: CORREIOS <sedex_devolvido@correios.com.br>
Received: from mail01.frionline.com.br (mail01.frionline.com.br [177.54.112.17])
Date: 20 Jun 2020 05:25:04 -0300
Subject: Ultimo Aviso Sedex Devolvido
Attachment: 50158701_oqTSEJ.zip