MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d472b010d5f50ff38ab6b5c10cc61a439e98b7c54221e98b058f9cdbfcb744ce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: d472b010d5f50ff38ab6b5c10cc61a439e98b7c54221e98b058f9cdbfcb744ce
SHA3-384 hash: d68d4d15c0e707e0ae9ae9be5111f870e3ca13b409d90d059931ce813d4b3618020371ed55f0163438c12f539c711070
SHA1 hash: 7fb9ae94a85590824aae878e8be3c3498868e451
MD5 hash: a53d249aa6e4fdf95c68e383cb16a729
humanhash: ten-tennessee-lake-aspen
File name: Customer Complaint letter NHBRC258812.PDF.gz
Signature: Neurevt
File size: 248'417 bytes
First seen: 2020-07-31 11:43:01 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 6144:GbgMr22OMwDaoHn0UY+3Czpn7zu8/XxUmsEf:GbdKiM0g3gFu8y1E
TLSH: 1D3422FDDDCD806FBFE4D1F87106E869176AE5C2E431DA90D01C45B6945C0ACEB6B228
Reporter: @abuse_ch
Tags: gz, Neurevt


Twitter
@abuse_ch
Malspam distributing Neurevt:

HELO: host.qualifairs.com
Sending IP: 85.25.130.41
From: NHBRC2@nhbrc.org.za
Subject: Customer Complaint letter // NHBRC258812
Attachment: Customer Complaint letter NHBRC258812.PDF.gz (contains "Customer Complaint letter NHBRC258812.PDF.exe")

Neurevt C2:
http://winqits.com/~zadmin/lk/dm/logout.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 33
Origin country: US

Mail intelligence
Geo location: Global
Volume: Low

Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-31 11:44:06 UTC
AV detection: 10 of 48 (20.83%)

Threat level: 5/5
Threat name: Malicious File
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Neurevt
gz d472b010d5f50ff38ab6b5c10cc61a439e98b7c54221e98b058f9cdbfcb744ce (this sample)

Dropping: Neurevt
Delivery method: Distributed via e-mail attachment
