MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 171b30ee0e7bc1041ab080338ade87eb5b1db21b2764a5e0c65fddd88fdb6555. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 171b30ee0e7bc1041ab080338ade87eb5b1db21b2764a5e0c65fddd88fdb6555
SHA3-384 hash: e174ecd8188d35142da744d309a542c84cf524cfeac558a8dc64209b6f1d61982ab07c519a19fdbffeafd635a8a66915
SHA1 hash: fe258caae239d42431a57a18d973d094ee424cf5
MD5 hash: cf264dfefbadf04622f727e2b31b8ab1
humanhash: illinois-carolina-utah-wisconsin
File name:Orden de Compra lista.DWG.gz
Download: download sample
File size:943'463 bytes
First seen:2020-10-15 11:24:04 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 24576:WA5Qsk0HkDHSiNaTD3oWZ0IsqkPxpPHKBHEcF9H/2q:/5C0HCS+aTDYWCIdkxdHKBHl9Heq
TLSH BC1533B2F2A5F29C5BB918F6CEC7706C87C8855A41C44A0B148647B21FAE5DA0FED4D3
Reporter abuse_ch
Tags:gz


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: smtp01-sa.serv.net.mx
Sending IP: 201.150.39.117
From: Karla <ventas1@flexijuntas.com.mx>
Reply-To: Karla <officejb01@mail.com>
Subject: ORDEN DE COMPRA 28466
Attachment: Orden de Compra lista.DWG.gz (contains "Orden de Compra lista.DWG.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Packed2.42629.25611.11509.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/171b30ee0e7bc1041ab080338ade87eb5b1db21b2764a5e0c65fddd88fdb6555/
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-10-15 07:55:22 UTC
AV detection:
20 of 48 (41.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=c4ntb3qoppaqigvqqazyvxuh5nnr3mq3e5sklyggl7o5rd63mvkq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/171b30ee0e7bc1041ab080338ade87eb5b1db21b2764a5e0c65fddd88fdb6555

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

gz 171b30ee0e7bc1041ab080338ade87eb5b1db21b2764a5e0c65fddd88fdb6555

(this sample)

Executable exe 5c74fdaa63a6b210dd3ceed52b08c212d2e3d2ede23568e0c85370c9ad9052ce

  
Dropping
MD5 fc42a904f984860c37cb858e4b9f6f27
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5c74fdaa63a6b210dd3ceed52b08c212d2e3d2ede23568e0c85370c9ad9052ce

Comments