MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d2606dbd11dbb007ce966f9e4bc3af51c60f671e3b21fa4589be95bb49cd6840. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d2606dbd11dbb007ce966f9e4bc3af51c60f671e3b21fa4589be95bb49cd6840
SHA3-384 hash: 4cfff905fd84748d535ff0e6e4e095a37d6a7ecd2d6f6ae0e37080ffa618e548866df2de71c6af1ca7e2a969d885ffb9
SHA1 hash: 126de7380348be6cf4f6101747f17f0dea32a3ff
MD5 hash: 5de614c53d95fadd548936378ddcaad4
humanhash: carbon-three-beryllium-quebec
File name:PAYMENT-SLIP.gz
Download: download sample
File size:476'529 bytes
First seen:2020-08-18 11:45:12 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 12288:4F591lQcW0hAvV7bsQHNVAam539VX3pL8kKqn0EnM1G:sXHW0hcHNWamB3pIs0b0
TLSH 20A423B64E2328155BF48B7D13CBE6165FD3CE22893A2B0177A708C99DD7B03A5470B1
Reporter abuse_ch
Tags:gz


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: newserver5.tradebooster.in
Sending IP: 209.133.212.186
From: Accounts Officer <ccd@rcpl.net.in>
Subject: RE: Proof Of Payment
Attachment: PAYMENT-SLIP.gz (contains "PAYMENT-SLIP.bat")

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d2606dbd11dbb007ce966f9e4bc3af51c60f671e3b21fa4589be95bb49cd6840/
Threat name:
ByteCode-MSIL.Trojan.Bulz
Create hunting rule
Status:
Malicious
First seen:
2020-08-18 11:47:04 UTC
AV detection:
12 of 48 (25.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2jqg3pir3oyaptuwn6pexq5pkhda6zy6hmq7urmjx2k3wsonnbaa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/d2606dbd11dbb007ce966f9e4bc3af51c60f671e3b21fa4589be95bb49cd6840

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

gz d2606dbd11dbb007ce966f9e4bc3af51c60f671e3b21fa4589be95bb49cd6840

(this sample)

Executable exe 53e62aa59c2cf52be4e37efeb373cfc078457c945bcab84c938d6bb65601851c

  
Dropping
MD5 45703719f4719020c137182016886f15
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 53e62aa59c2cf52be4e37efeb373cfc078457c945bcab84c938d6bb65601851c

Comments