MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 68673e6a63aad0f8e9d315807085511f4abc170964fa6b5b7118be39ee586b6b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Citadel

Vendor detections: 3

SHA256 hash: 68673e6a63aad0f8e9d315807085511f4abc170964fa6b5b7118be39ee586b6b
SHA3-384 hash: b67fdad81633df7d8ce6b6a26a843adc8d53a429eff8d14514fc19cff7cb3563a77756482ce67043d9f8974a8ddb62c3
SHA1 hash: 48d3037d81189f82b5841d8f0e4abbbefc7b2556
MD5 hash: 15a408bdc1a79f6c482353695bf2f5b6
humanhash: robert-berlin-fish-hamper
File name: HBL+MBL ETD 603 SO B498+499 LCL FROM TAICHUNG TO LA.rar
Signature Citadel
File size: 1'198'500 bytes
First seen: 2020-05-11 09:11:43 UTC
Last seen: 2020-05-11 09:12:36 UTC
File type: rar
MIME type: application/x-rar
ssdeep 24576:lbCaf+u/a86PENwmzD3kOn+CMjmKlCTJtfrCdwRrWyx7EmgsT:lb9Sc/0OrYKtxDgsT
TLSH A9453396B7455793C24ADE4CA385C0BAF13A9AB8543BC9A1D7FCC2027F053416639F1E
Reporter abuse_ch
Tags: Citadel rar


abuse_ch
Malspam distributing Citadel:

HELO: mail.betuchin.ga
Sending IP: 89.40.115.18
From: Joyce Huang (MFI Taiwan) <admin@betuchin.ga>
Subject: HBL+MBL ETD: 6/03 SO B498+499 (LCL FROM TAICHUNG TO LA)
Attachment: HBL+MBL ETD 603 SO B498+499 LCL FROM TAICHUNG TO LA.rar (contains "Commercial Invoice & PL - TWNYC3469342.scr")

Citadel C2:
hXXp://vitecqroup.com/zszszs/file.php
hXXp://vitecqroup.com/zszszs/gate.php

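The comment above is the part of this entry an analyst actually acts on: a sender, an archive whose only content is a `.scr` named like an invoice, and two defanged C2 URLs. The script below is an added example (not code from MalwareBazaar or abuse.ch) that parses that comment format into structured IOCs, refangs the `hXXp://` URLs, flags archive members that are executables dressed up as documents, and drafts Suricata rules for the C2 host and URIs. The comment text is embedded as a constructed copy so it runs offline; the executable-extension list, the lure-word list, the `FIELD_MAP` keys and the `sid` range are assumptions made for the example.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed copy of the abuse_ch comment on this entry, embedded so the script
# runs offline; nothing is fetched from MalwareBazaar at run time.
SAMPLE_COMMENT = """Malspam distributing Citadel:

HELO: mail.betuchin.ga
Sending IP: 89.40.115.18
From: Joyce Huang (MFI Taiwan) <admin@betuchin.ga>
Subject: HBL+MBL ETD: 6/03 SO B498+499 (LCL FROM TAICHUNG TO LA)
Attachment: HBL+MBL ETD 603 SO B498+499 LCL FROM TAICHUNG TO LA.rar (contains "Commercial Invoice & PL - TWNYC3469342.scr")

Citadel C2:
hXXp://vitecqroup.com/zszszs/file.php
hXXp://vitecqroup.com/zszszs/gate.php
"""

# Extensions Windows runs as code, and words that make a file name look like a
# shipping or finance document. Both sets are assumptions made for this example.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".jse", ".vbs", ".vbe", ".hta", ".lnk"}
LURE_WORDS = {"invoice", "pl", "packing", "shipping", "payment", "order", "receipt", "bl", "hbl", "mbl"}
FIELD_MAP = {"helo": "helo", "sending ip": "sending_ip", "from": "sender", "subject": "subject", "attachment": "attachment"}
URL_RE = re.compile(r"^h[xt]{2}ps?://\S+", re.IGNORECASE)            # accepts http:// and hXXp://
CONTAINS_RE = re.compile(r'\(contains\s+"([^"]+)"\)', re.IGNORECASE)  # archive members noted inline


def refang(url: str) -> str:
    """Undo the hXXp:// and [.] defanging used in IOC write-ups so the URL parses."""
    url = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    return url.replace("[.]", ".").replace("[:]", ":")


def is_disguised_executable(name: str) -> bool:
    """True when a file is directly executable but named like a business document."""
    stem, dot, ext = name.lower().rpartition(".")
    if not dot or f".{ext}" not in EXECUTABLE_EXTENSIONS:
        return False
    return any(word in LURE_WORDS for word in re.findall(r"[a-z]+", stem))


@dataclass
class MalspamIocs:
    helo: str = ""
    sending_ip: str = ""
    sender: str = ""
    subject: str = ""
    attachment: str = ""
    contained_files: list = field(default_factory=list)
    c2_urls: list = field(default_factory=list)

    @property
    def c2_hosts(self) -> list:
        return sorted({h for h in (urlparse(u).hostname for u in self.c2_urls) if h})


def parse_comment(text: str) -> MalspamIocs:
    """Turn the free-text 'Key: value' comment into structured, refanged IOCs."""
    iocs = MalspamIocs()
    for raw in text.splitlines():
        line = raw.strip()
        if URL_RE.match(line):
            iocs.c2_urls.append(refang(line))
            continue
        key, sep, value = line.partition(":")  # first colon only; subjects may contain more
        attr = FIELD_MAP.get(key.strip().lower())
        if not sep or attr is None:
            continue
        value = value.strip()
        if attr == "sending_ip":
            ipaddress.ip_address(value)  # raise on garbage rather than push it into a blocklist
        elif attr == "attachment":
            iocs.contained_files.extend(CONTAINS_RE.findall(value))
            value = CONTAINS_RE.sub("", value).strip()
        setattr(iocs, attr, value)
    return iocs


def suricata_rules(iocs: MalspamIocs, sid_base: int = 9000000) -> list:
    """Draft DNS and HTTP rules for the C2 hosts and URIs (the sid range is an assumption)."""
    def esc(s: str) -> str:  # backslash-escape the metacharacters of content:"..."
        return re.sub(r'([\\";|])', r"\\\1", s)
    rules, sid = [], sid_base
    for host in iocs.c2_hosts:
        rules.append(f'alert dns any any -> any any (msg:"Citadel C2 domain lookup {host}"; '
                     f'dns.query; content:"{esc(host)}"; nocase; sid:{sid}; rev:1;)')
        sid += 1
    for url in iocs.c2_urls:
        p = urlparse(url)
        rules.append(f'alert http any any -> any any (msg:"Citadel C2 URI {p.hostname}{p.path}"; '
                     f'flow:established,to_server; http.host; content:"{esc(p.hostname)}"; '
                     f'http.uri; content:"{esc(p.path)}"; sid:{sid}; rev:1;)')
        sid += 1
    return rules


if __name__ == "__main__":
    iocs = parse_comment(SAMPLE_COMMENT)
    print("Disguised executables:", [f for f in iocs.contained_files if is_disguised_executable(f)])
    print("\n".join(suricata_rules(iocs)))
```

The archive-member check is the detection-side takeaway from this sample: the RAR itself has no signature worth matching, but a mail gateway that expands archives and rejects a lone `.scr` whose name reads "Invoice" stops this lure before the Citadel payload ever runs. The Suricata rules are drafts; tune the `sid` values and the `msg` text to local conventions before loading them.
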
Intelligence


File Origin
# of uploads: 4
# of downloads: 98
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-11 09:36:27 UTC
File Type: Binary (Archive)
Extracted files: 1185
AV detection: 23 of 48 (47.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  Citadel
    rar 68673e6a63aad0f8e9d315807085511f4abc170964fa6b5b7118be39ee586b6b (this sample)
      Dropping
        Citadel

Delivery method: Distributed via e-mail attachment

Comments