MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 118dd258630c48b0beacd8b4c04c9c9cd3b9f698b660b6a904b1dfc033e00cd1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 118dd258630c48b0beacd8b4c04c9c9cd3b9f698b660b6a904b1dfc033e00cd1
SHA3-384 hash: 753b88224af322fead6849ec9e175350091d23d1fce9a3af76b02e5e5486c1f185a906352aa05e3957cd4f82a85666b1
SHA1 hash: c0a94c00c0dc10d077596afdaedebb0bcdf7436a
MD5 hash: 1b9e5b3ce524614941d69bfc00db57b5
humanhash: maine-west-sodium-one
File name: IATA.scr
File size: 631'924 bytes
First seen: 2020-05-21 07:38:26 UTC
Last seen: 2020-05-21 08:53:03 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: ae9f6a32bb8b03dce37903edbc855ba1 (28 x CryptOne, 18 x RedLineStealer, 15 x njrat)
ssdeep: 12288:goQ7Xar2BHs/EIzm/ODafoIVu8AtaeKGgUP3ZoGae0NfQbohb7h0pvrtniT7Q:gZ7Xar2VsBq/OWfoIwNtaeKGgZGabNfq
Threatray: 9 similar samples on MalwareBazaar
TLSH: 11D40131BBC148B1D9B219345EF997711A3DBD311F348B5FA3A03A2D6E714C0A629B63
Reporter: abuse_ch
Tags: scr


abuse_ch
Malspam distributing unidentified malware:

HELO: mail.dom-express.ru
Sending IP: 87.103.212.119
From: S7 Airlines <supp@s7.ru>
Subject: новый валидатор IATA во вложении ("new IATA validator attached")
Attachment: IATA.zip (contains "IATA.scr")

Intelligence


File Origin
Number of uploads: 2
Number of downloads: 83
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Hesv
Status: Malicious
First seen: 2020-05-21 08:36:13 UTC
AV detection: 20 of 30 (66.67%)
Threat level: 2/5
Result
Malware family: n/a
Score: 8/10
Tags: upx
Behaviour
Suspicious use of WriteProcessMemory
Loads dropped DLL
Executes dropped EXE
UPX packed file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Executable exe 118dd258630c48b0beacd8b4c04c9c9cd3b9f698b660b6a904b1dfc033e00cd1 (this sample)

Delivery method: Distributed via e-mail attachment
