MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bff18fa437ec08a2b1726d02b23e25cb3deea0933624beffe2a646120ae79062. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: bff18fa437ec08a2b1726d02b23e25cb3deea0933624beffe2a646120ae79062
SHA3-384 hash: 56697373ce7a5f6f62e966957c8c312d97d1d14aac4754a75b9e012f7784b515b55db13d6cb3813c95bd726bb27ff93a
SHA1 hash: 135e6915abf9e1c46fe071f1ba7703529c5e2941
MD5 hash: 6ba9f0f3aa843ec9a60dce3266f550a3
humanhash: berlin-solar-princess-avocado
File name: DOC#090900009.z
Signature: n/a
File size: 839'032 bytes
First seen: 2020-06-29 20:58:04 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:cfm9AzENnyaBKmS1ni1gmCIF3VP6116ndk:ZmWyassHCIF3Pnu
TLSH: CC05334EDD87BA7DC50AA05BE6F04501BB01F8DEE6C3B1A2902931578E72ADF79483C5
Reporter: @jarumlus


Mail intelligence
Trap location: CH Switzerland, Impact: Low
Trap location: Global, Impact: High
# of uploads: 1
# of downloads: 33
Origin country: US
CERT.PL MWDB Detection: n/a
ReversingLabs:
  Status: Malicious
  Threat name: Win32.Trojan.Ursu
  First seen: 2020-06-29 20:59:04 UTC
  AV detection: 16 of 48 (33.33%)
  Threat level: 2/5
Spamhaus Hash Blocklist: Suspicious file
VirusTotal: No data

File information

The table below shows additional information about this malware sample such as delivery method and external references.


zip bff18fa437ec08a2b1726d02b23e25cb3deea0933624beffe2a646120ae79062 (this sample)

Delivery method: Distributed via e-mail attachment