MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5f9dae2216fbae34044513016ad05e48ce3a150f02c3c159ad1f738fcc783d49. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5f9dae2216fbae34044513016ad05e48ce3a150f02c3c159ad1f738fcc783d49
SHA3-384 hash: 29d3d1b8dc02df23470720b338c5745c28552552b685cd22f263fa24960876a7f1e56c9c472fd9b8e93a97782ec8fa25
SHA1 hash: 70dcc8b804a0f174d9418bb829040f7dc5995185
MD5 hash: 1ac0d2dcb0ff767b99b366f4ca4f577b
humanhash: echo-zulu-quiet-missouri
File name:PRODUCT LISTS.zip
Download: download sample
File size:384'045 bytes
First seen:2020-04-02 06:35:10 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:OzCnnr5zSDFbhIy78Qb6hnEzwpuDmONJ9lc7UB73EOuU7TJh6tKNPhdvqJYPC8N3:OunnFzSDXT4o6ZEzO2mONJ9liU6O/7Tx
TLSH 10842366A152D7BEF44244E54AD0399306CF801EA720DDF4BD2DC4FDB88F35C996ADA0
Reporter abuse_ch
Tags:COVID-19 zip


Avatar
abuse_ch
COVID-19 themed malspam:

HELO: linux1117.grserver.gr
Sending IP: 95.216.16.146
From: U.S. Department of Health & Human Services <Hubert@ushealthdep.com.us>
Subject: URGENT NEED: U.S. Department of Health & Human Services/COVID-19 Face\ Mask/ Forehead thermometers..
Attachment: PRODUCT LISTS.zip (contains "PRODUCT LISTS.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen2.46181.12316.1110.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-02 07:35:41 UTC
File Type:
Binary (Archive)
Extracted files:
7
AV detection:
21 of 47 (44.68%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=l6o24iqw7oxdibcfcmawvuc6jdhdufipalb4cwnnd5zy7tdyhveq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 5f9dae2216fbae34044513016ad05e48ce3a150f02c3c159ad1f738fcc783d49

(this sample)

Executable exe a545a0435cbff715cd878cad1196ea00c48bd20f3cf1cc2d61670ef29573cc7c

  
Dropping
MD5 0b31febd940317f235f77eea4b7d2f9d
  
Dropping
SHA256 a545a0435cbff715cd878cad1196ea00c48bd20f3cf1cc2d61670ef29573cc7c
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a545a0435cbff715cd878cad1196ea00c48bd20f3cf1cc2d61670ef29573cc7c

Comments