MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3a2720b1b2f8615c9ac2b2e95c0bd94728bbafd653b6dc86454aa083066f954f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Kutaki


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3a2720b1b2f8615c9ac2b2e95c0bd94728bbafd653b6dc86454aa083066f954f
SHA3-384 hash: a988321f97408b334758141ba350ef2d420fbf7db486daae3f2eebc4276d67877b657cf847d31754b72edb488bbfea2e
SHA1 hash: 25064aff48aa02744134e8e2f9febd34d18052f6
MD5 hash: bef7abb5e38e98bfa6021f5a72337def
humanhash: xray-skylark-golf-november
File name:KUMATUBES_Challan.zip
Download: download sample
Signature Kutaki
Create hunting rule
File size:375'350 bytes
First seen:2020-08-06 05:53:16 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:u7qMhcm1M3ch755SBydKd1U4GhA9j4HD/VCSy3hwzlMRkyudQMSmy+lqSHTon8rL:KBcEMMh755SIdKc4wA9j4j/Uh+PKMSmv
TLSH DD8423D85F4E0F68AACD2CB99793E97303905AE7265435004DDF23B5901AD82F6EF907
Reporter abuse_ch
Tags:Kutaki zip


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: slot0.aero-cabln.com
Sending IP: 192.119.86.103
From: info@aero-cabln.com
Subject: Invoice Payment Acknowledgement
Attachment: KUMATUBES_Challan.zip (contains "KUMATUBES_Challan.cmd")

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.MulDrop13.37154.28588.16416.UNOFFICIAL
Create hunting rule

Porcupine.Malware.43883.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3a2720b1b2f8615c9ac2b2e95c0bd94728bbafd653b6dc86454aa083066f954f/
Threat name:
Win32.Spyware.Kutaki
Create hunting rule
Status:
Malicious
First seen:
2020-08-06 05:55:07 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hitsbmns7bqvzgwcwluvyc6zi4ulxl6wko3nzbsfjkqigbtpsvhq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3a2720b1b2f8615c9ac2b2e95c0bd94728bbafd653b6dc86454aa083066f954f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Kutaki

zip 3a2720b1b2f8615c9ac2b2e95c0bd94728bbafd653b6dc86454aa083066f954f

(this sample)

Kutaki

Executable exe 2bd4a68bf90d7d007980c8c9a6ca3859507d6f8ad00c4d53b859ffe9e7311751

  
Dropping
MD5 6987b895ed60ef35439c4acdbc2493e4
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2bd4a68bf90d7d007980c8c9a6ca3859507d6f8ad00c4d53b859ffe9e7311751

Comments