MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5aba2e40c2d92b54ccc36317cb81acba1d734fad73d5635507f8b81d4b140d8c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5aba2e40c2d92b54ccc36317cb81acba1d734fad73d5635507f8b81d4b140d8c
SHA3-384 hash: c737d2b63c5a389c4bd00ff7ce19f0da8d2c1f409b118b827e9d1c11de00c3293fd90c2f15b6493a3f60565621c3286f
SHA1 hash: 91524730ed831986ab668008a323e1e53d5c37b4
MD5 hash: 7313f562c072b50a1cb9ce69334bc884
humanhash: vegan-coffee-burger-mars
File name:SCAN 0004 QA QC-.pdf.gz
Download: download sample
File size:1'038'283 bytes
First seen:2020-08-18 12:10:21 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 24576:jd6mFMFgxaLdI/JacYDBSm5o12u+YUF6G8IS/PIH:jomFMFgcLKxaDDBn5o12u+vvbS/Pi
TLSH 3B25333B2AF0A351285302B25DAD11C888903AFA674D5D4A69B7B40E53CD1E3E6F77F4
Reporter abuse_ch
Tags:gz


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: slot0.kisplilerm.com
Sending IP: 104.168.204.224
From: info@kisplilerm.com
Subject: NEW QUOTATION #3752373
Attachment: SCAN 0004 QA QC-.pdf.gz (contains "SCAN 0004 QA QC-.pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5aba2e40c2d92b54ccc36317cb81acba1d734fad73d5635507f8b81d4b140d8c/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-08-18 12:12:07 UTC
AV detection:
9 of 48 (18.75%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lk5c4qgc3evvjtgdmml4xanmxioxgt5nopkwgvih7c4b2syubwga._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5aba2e40c2d92b54ccc36317cb81acba1d734fad73d5635507f8b81d4b140d8c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

gz 5aba2e40c2d92b54ccc36317cb81acba1d734fad73d5635507f8b81d4b140d8c

(this sample)

Executable exe c27a39381e1034e23c04713893907c51596a6215a6fb1932281520c17aae8646

  
Dropping
MD5 b133c6cb3460de3d2d9c885f764660cf
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c27a39381e1034e23c04713893907c51596a6215a6fb1932281520c17aae8646

Comments