MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 11f6497d17989bdcef74e9c31e63882821edf4db156862686d0db65e8f904213. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 11f6497d17989bdcef74e9c31e63882821edf4db156862686d0db65e8f904213
SHA3-384 hash: ada6b73cdcfb0a3dfe5b653702200e11a63ded2668ec5c252fc366986b3d1cbdc6814ef4b2157b2bf2f6be6355ae7df5
SHA1 hash: a7ba4ffb584d3c82758fcb7755224fb743290111
MD5 hash: d4d8dfef142a4a7dfb1a8bd6574b34dc
humanhash: bulldog-juliet-mountain-single
File name: B982-GSD_gsupply.rar
File size: 199'551 bytes
First seen: 2020-08-19 11:24:20 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 3072:mnvmh3IepUSP/QIFUZdfyAOH0olSufdcKHMkr/juRFTstiw6GLoF0Mm:mnK4epLFQAHpRfdbsMbkstJoF0Mm
TLSH: 8A14122582F0122C5E59DD2509757D0E1EDBA48D4F0EB9EA897F913667CE3F2CAD8320
Reporter: abuse_ch
Tags: rar


abuse_ch
Malspam distributing unidentified malware:

HELO: m176149.mail.qiye.163.com
Sending IP: 59.111.176.149
From: Mao <zhizhong.mao@ce-link.com>
Subject: Re: Re: Cost and Air Freight budget draft;
Attachment: B982-GSD_gsupply.rar (contains "B982-GSD_gsupply.com")

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.CryptInject
Status: Malicious
First seen: 2020-08-19 11:26:06 UTC
AV detection: 18 of 48 (37.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar 11f6497d17989bdcef74e9c31e63882821edf4db156862686d0db65e8f904213 (this sample)

Delivery method: Distributed via e-mail attachment
