MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3bdf6d9f0f35be75d8345d897ec838ae231ba01ae898f6d0c8f920ff4061fc22. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 3bdf6d9f0f35be75d8345d897ec838ae231ba01ae898f6d0c8f920ff4061fc22
SHA3-384 hash: 82ec54fde0f50490fa79475bb49745fcae9befd9d9e52b275d075c63c030bfc9309d053db9f8f54157c438a634861071
SHA1 hash: cafd241ae36794105ef570a7427919a8a73aeee5
MD5 hash: abd25ca7e1e9754953664a76faa57bc0
humanhash: uniform-blue-steak-bakerloo
File name: 3bdf6d9f0f35be75d8345d897ec838ae231ba01ae898f6d0c8f920ff4061fc22
File size: 2'794'732 bytes
First seen: 2022-09-03 07:52:39 UTC
Last seen: 2022-09-28 05:34:02 UTC
File type:
MIME type: image/jpeg
ssdeep: 24576:9RvRIyQhZFwb7yuZrtSP2krgVi0qDlscffXAkHMLxZSSKaUHH8mPFnxQ9WSFw5V4:nvRJUFwvyqtPkTlscQWSuYESFZvRNvRh
TLSH: T1C4D53B720A877DF97B5E3C8294052E051C5C3B8B5269424BBBCC70BA3BAD4749E3C979
TrID:
32.2% (.JPG/JPEG) JFIF-EXIF JPEG Bitmap (5000/1/1)
25.8% (.JPG/JPEG) JFIF JPEG bitmap (4003/3)
19.3% (.JPG/JPEG) JPEG bitmap (3000/1)
16.1% (.MP3) MP3 audio (ID3 v1.x tag) (2500/1/1)
6.4% (.MP3) MP3 audio (1000/1)
Reporter: DSTLabs
Tags: crt jpeg sansisc

Intelligence


File Origin
# of uploads: 2
# of downloads: 689
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: BitcoinAddress
Author: Didier Stevens (@DidierStevens)
Description: Contains a valid Bitcoin address
Rule name: ClamAV_Emotet_String_Aggregate

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments