MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 77cce20d1df10aaa1e2f9bf42d7449e7582ec7e0a1c620a38c2a48f8e5bf9db2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



VegaLocker


Vendor detections: 3



SHA256 hash: 77cce20d1df10aaa1e2f9bf42d7449e7582ec7e0a1c620a38c2a48f8e5bf9db2
SHA3-384 hash: 38660d8ff0904800e584c8b5a7c64f97b85e7db2828135b40e4e6d308c11e5aba875198333f1abbc9b709a31cf90ff68
SHA1 hash: 2b2a6fc5a5b4108058ede9c2d228261b9abd3518
MD5 hash: 8b5ef94a0999235d411682647d15fad4
humanhash: blue-oven-quebec-india
File name: Payment advise-PDF.zip
Signature: VegaLocker
File size: 484'744 bytes
First seen: 2020-04-07 19:15:35 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:j+CRMtD1+9jbToDrHTGIx1VRslXlg/x0ydy:j3MtD1SToDrJzq1gJb8
TLSH: AEA423A77DCFBC4A95951648E3003F7117256ABB56943ABE2023AC1F1124F320B5B7B3
Reporter: abuse_ch
Tags: COVID-19 VegaLocker zip


abuse_ch
COVID-19 themed malspam distributing VegaLocker:

HELO: venuslogistics.managedns.org
Sending IP: 103.14.96.237
From: Accounts <gruchallainteriors@bellnet.ca>
Subject: Pending Payment Advise ( COVID-19 - please be safe)
Attachment: Payment advise-PDF.zip (contains "Payment advise-PDF.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 2'249
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Delf
Status: Malicious
First seen: 2020-04-07 19:37:10 UTC
File Type: Binary (Archive)
Extracted files: 36
AV detection: 29 of 47 (61.70%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

VegaLocker

zip 77cce20d1df10aaa1e2f9bf42d7449e7582ec7e0a1c620a38c2a48f8e5bf9db2

(this sample)

  
Delivery method
Distributed via e-mail attachment
