MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cdc4075d1b292e19c363d6f870ee85a9836a3bcc11522a2de80415d6c1b4f3b4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cdc4075d1b292e19c363d6f870ee85a9836a3bcc11522a2de80415d6c1b4f3b4
SHA3-384 hash: 893ed11217a3aac9c5f96edf38f67da1b8445793699ef4f9131ddd49809a1d8ce6a562786b2f05f01e6cfc45857e5123
SHA1 hash: 78374d5aa4de66041d618d6b1810d5d0c32fc890
MD5 hash: aa1692e5ace5a2f72fe0e8dbbae76b6e
humanhash: green-eighteen-harry-butter
File name:Invoice for onder 20200712.zip
Download: download sample
File size:357'295 bytes
First seen:2020-08-18 11:55:23 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:0KA8KgdA5b5N37Kd7xyFmF56kZPOzlWOnKzuw6jknv2tr/ikvpBZX/tbQ6NqLHZ0:xAHgC3udFyV0O5W9r2tt/dvpBZ/tvN60
TLSH 2D7423787157E8B538260CF9B6976C7C9FC6DE4C523CE96494AFA74312C65CBC23402A
Reporter abuse_ch
Tags:GMX zip


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mout.gmx.com
Sending IP: 74.208.4.200
From: Admin Danny <euphyfotiles@net-shopping.com>
Subject: Re: Reconfirm invoice
Attachment: Invoice for onder 20200712.zip (contains "attached PO 30745.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cdc4075d1b292e19c363d6f870ee85a9836a3bcc11522a2de80415d6c1b4f3b4/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-18 11:57:04 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zxcaoxi3fexbtq3d234hb3ufvgbwuo6mcfjculpiaqk5nqnu6o2a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/cdc4075d1b292e19c363d6f870ee85a9836a3bcc11522a2de80415d6c1b4f3b4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip cdc4075d1b292e19c363d6f870ee85a9836a3bcc11522a2de80415d6c1b4f3b4

(this sample)

Executable exe 84bf51fbb89bfbbdaebb07ac07c8113bdc4da8cc08986920a805babb6a26babb

  
Dropping
MD5 fa70c7ddd9e4efd40d15cf5368485939
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 84bf51fbb89bfbbdaebb07ac07c8113bdc4da8cc08986920a805babb6a26babb

Comments