MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 54fce61ce1186569475db4ae6703c76d2ff651ff4a7dfb38d110995986b600d9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 54fce61ce1186569475db4ae6703c76d2ff651ff4a7dfb38d110995986b600d9
SHA3-384 hash: e80c1e43468b24a56643bb53b2a08317c6141080a9fd6d9176f3d1d540de12f1530bf3fe3501d8bde70c111fa4d23084
SHA1 hash: 5e75475e60b8b7782c7dee920580a9200c7325c6
MD5 hash: c852b8741a7b4e2af799420490b97b2a
humanhash: oregon-solar-march-uranus
File name: Invoice_Payment_Copy.zip
File size: 350'121 bytes
First seen: 2020-08-18 19:16:51 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:E1V15tsLrZ9QQcQdfso4GNA91mH3/VC4Y3h69l6bkCuhQ+S0y+lq2HTonevyPDYD:CqtBR4QA91mX/6hM5W+S08Oknv7YRPd
TLSH: EC74236C1B485F9E99D96CBDD523E86205A21BEB0304D5841A8EB3FBF016943FC8E11E
Reporter: abuse_ch
Tags: zip


abuse_ch
Malspam distributing unidentified malware:

HELO: pro152-34.mxout.rediffmailpro.com
Sending IP: 119.252.152.34
From: Perfect Tubes Ltd <deepak.naik@perfecttubes.com>
Subject: We Have Remitted Your Invoice Payment
Attachment: Invoice_Payment_Copy.zip (contains "Invoice Payment Copy.cmd")

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.PUA.Vigua
Status: Malicious
First seen: 2020-08-18 19:18:09 UTC
AV detection: 24 of 48 (50.00%)
Threat level: 1/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 54fce61ce1186569475db4ae6703c76d2ff651ff4a7dfb38d110995986b600d9 (this sample)

Delivery method: Distributed via e-mail attachment
