MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e4bdd13d324ed0076940a4ce92bd0b27d12b4887143bf58209a647149c6bf6f6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e4bdd13d324ed0076940a4ce92bd0b27d12b4887143bf58209a647149c6bf6f6
SHA3-384 hash: a08904b3939b6928fbb66b2ee0631fe0ef9207351b41361be07e0bedd090a23f2fb98753fd1a578c612b8448488aa984
SHA1 hash: d4e91860cc06fe42e0eb542f8832eea9990aaef7
MD5 hash: 289efd3ad437389e770dd2f56cd6076b
humanhash: california-equal-july-asparagus
File name:Purchase Order.gz
Download: download sample
File size:437'776 bytes
First seen:2020-08-18 11:49:45 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:WVQzi1gzu1IgXQ1cyiMcT+8CKdbLQr4Fj:WVF1vqbjf8VdvQr4B
TLSH 759423BAF2D17E398304C9394B5A6F6E672549C85400B68DF7B2EF10A3599CC043A7F6
Reporter abuse_ch
Tags:Endurance gz


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: qproxy3-pub.mail.unifiedlayer.com
Sending IP: 67.222.38.20
From: Prashant S. Patil <prashant.patil@grindmaster.co.in>
Subject: Purchase Order
Attachment: Purchase Order.gz (contains "gunzipped")

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27247.GZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e4bdd13d324ed0076940a4ce92bd0b27d12b4887143bf58209a647149c6bf6f6/
Threat name:
ByteCode-MSIL.Trojan.Bulz
Create hunting rule
Status:
Malicious
First seen:
2020-08-18 11:51:08 UTC
AV detection:
16 of 48 (33.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4s65cpjsj3iao2kauthjfpile7iswsehcq57laqjuzdrjhdl633a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e4bdd13d324ed0076940a4ce92bd0b27d12b4887143bf58209a647149c6bf6f6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

gz e4bdd13d324ed0076940a4ce92bd0b27d12b4887143bf58209a647149c6bf6f6

(this sample)

Executable exe c940cd402730830fcdc056cf6c995ea8ce605cad289e354c4f8472e94a3589bf

  
Dropping
MD5 97ecff6243562e2d74454fe989e72959
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c940cd402730830fcdc056cf6c995ea8ce605cad289e354c4f8472e94a3589bf

Comments