MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 41c5d21474cb92bb61f7eae72416048de9074634dd363ec62e9f11e5cf026115. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 41c5d21474cb92bb61f7eae72416048de9074634dd363ec62e9f11e5cf026115
SHA3-384 hash: f4221fda37181a9e3ba65218e929f9ca12f7c0afdc706139c25c6a586487261052ffd3b0d3dad175690d4fc3fecc6daf
SHA1 hash: 3e84794db360bfcd5a9385853da60306623f4fa2
MD5 hash: 6726cfd53b2e1c584874b3f275797619
humanhash: steak-cardinal-mobile-yankee
File name: Price Review Letter - FCE 2021.iso
File size: 1'079'296 bytes
First seen: 2020-12-08 16:40:34 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 24576:zUWYQcVQj51GyyfRWVh1Mwko8srdM3p04+qxzg:QWYzVxtJW3C7o8Im04+a8
TLSH: A4359E399F6D5926F5BA8B3DC4E02465616E7B933703D93E28F921CD0B637DE84C0628
Reporter: abuse_ch
Tags: iso


abuse_ch
Malspam distributing unidentified malware:

HELO: server1.citgroupltd.com
Sending IP: 213.246.108.82
From: "TSAI BROTHER MACHINERY CO. LTD" <support@billiondollarproject.net>
Reply-To: support@billiondollarproject.net
Subject: Chr. Hansen Price Review Letter 2021
Attachment: Price Review Letter - FCE 2021.iso (contains "Price Review Letter - FCE 2021.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 113
Origin country: n/a
Vendor Threat Intelligence
Result
Gathering data
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-12-08 16:01:28 UTC
AV detection: 16 of 28 (57.14%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

iso 41c5d21474cb92bb61f7eae72416048de9074634dd363ec62e9f11e5cf026115

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments