MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments 2
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379
SHA3-384 hash: 7c881e6a0ed25559955466cf6a55eed85134748b2faf51a9fb674cd1c424748965789aaa824e44806608a9e013ed0892
SHA1 hash: 1dccc227caf48fd04457608023824dd9d2c75558
MD5 hash: 15c132eab35a58928b8d417f6ed1cc5c
humanhash: hydrogen-illinois-fifteen-quebec
File name:50158701_oqTSEJ.zip
Download: download sample
File size:128'552 bytes
First seen:2020-06-20 06:00:05 UTC
Last seen:2020-06-21 08:35:38 UTC
File type: zip
MIME type:application/zip
ssdeep 3072:EBbM9FXUuUkHj4Q7So/N0z8GucQqAepYvvF:uo9FXNUbqlV0cJeCF
TLSH 1FC3125164EC10FEDE9223D4FB29878408B5BAF8F501F4F70625DA345CCA73C9A9E496
Reporter jarumlus
Tags:zip

Intelligence

File Origin
# of uploads :
4
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.JS.Divergent.3.Gen.3148.31621.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Downloader.EncDoc
Create hunting rule
Status:
Malicious
First seen:
2020-06-19 23:42:04 UTC
File Type:
Binary (Archive)
Extracted files:
52
AV detection:
13 of 29 (44.83%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=euleh4fvhhvyolv6wilpdny7b6g4qmaso3vghw756efhez5mon4q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments


Avatar
Corsin Camichel commented on 2020-06-20 11:17:13 UTC

dropping_sha256
9f0d3b49b6eea3eff22dce2838b10e8e3b03c45f31212f8d26ae31cd576f1104

Avatar
Corsin Camichel commented on 2020-06-20 11:16:23 UTC

Malicious email
From: CORREIOS <sedex_devolvido@correios.com.br>
Received: from mail01.frionline.com.br (mail01.frionline.com.br [177.54.112.17])
Date: 20 Jun 2020 05:25:04 -0300
Subject: Ultimo Aviso Sedex Devolvido
Attachment: 50158701_oqTSEJ.zip