MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 611f0ae1632337b1d0ee2d5297ddfe300cc510c46266417bedd7c343ced0b264. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 2



SHA256 hash: 611f0ae1632337b1d0ee2d5297ddfe300cc510c46266417bedd7c343ced0b264
SHA3-384 hash: 90877aee1c0be5faf514b088b49028229986c146750038b09b7502035e6394f07463b77f2b12ed2f6545f63e34947aba
SHA1 hash: 946b734a477803d315d319383c6f35f8d401c985
MD5 hash: 63d39067eacc1eea38904299ab5ff856
humanhash: georgia-sierra-cat-king
File name: Payment Swift Copy.pdf.zip
File size: 846'227 bytes
First seen: 2020-05-28 10:54:15 UTC
Last seen: 2020-05-30 18:48:46 UTC
File type: zip
MIME type: application/zip
ssdeep: 24576:TgR42UCXtOVruTgZj4mvThp9fR2DTwnO7K1iXQBaOu6HL:fFoO0qsm71R2nwnjsXQgOuSL
TLSH: B40523ED79CDDB0738799FB069B204BDB7D53B242C84798C8A78367576BE6200532983
Reporter: cocaman
Tags: zip


cocaman
Malicious email
From: ca.hn@cominasia.com
Received: from cominasia.com (unknown [103.125.189.227])
Date: 28 May 2020 03:33:25 -0700
Subject: RE : Payment Advise Swift printout
Attachment: Payment Swift Copy.pdf.zip

Intelligence


File Origin
# of uploads: 6
# of downloads: 64
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-28 08:22:11 UTC
File Type: Binary (Archive)
Extracted files: 21
AV detection: 28 of 47 (59.57%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 611f0ae1632337b1d0ee2d5297ddfe300cc510c46266417bedd7c343ced0b264 (this sample)

Delivery method: Distributed via e-mail attachment

Comments