MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4589548efeb9bc98b450dbd9d639699821fa17692b830644d8e9982226c6559c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 4589548efeb9bc98b450dbd9d639699821fa17692b830644d8e9982226c6559c
SHA3-384 hash: 23d9f7ceec5af0c9252413e2f6cb49d6ba920caedab46164ac1214475353c25ffb61a4f5c1fe385f4bcdd3a143eed1ca
SHA1 hash: 9dfb05cba826103288094e5ebdc99391f776af7e
MD5 hash: 615dc5fa3109be3acb3ff07d7d62854a
humanhash: lake-wisconsin-freddie-ohio
File name: Purchase-Order.cpio
File size: 829'952 bytes
First seen: 2021-02-24 06:55:56 UTC
Last seen: Never
File type: unknown
MIME type: application/x-cpio
ssdeep: 12288:mu8aySCiSdWunLEQiydW+PWk7iWriyfpbkukWO8JxdeWXR/05pG2mJ02NfM0486p:m/yIxwktNfq84d
TLSH: E205F70716A8BF57F9BE9738E36446098BF4F456E320CB0E7DE069D98A36F418616703
Reporter: abuse_ch
Tags: cpio


abuse_ch
Malspam distributing unidentified malware:

HELO: shengda-alu.com
Sending IP: 185.136.159.208
From: David R.E. Hale <sales@shengda-alu.com>
Subject: Re: Purchase Order
Attachment: Purchase-Order.cpio (contains "Purchase Order.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 77
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

unknown 4589548efeb9bc98b450dbd9d639699821fa17692b830644d8e9982226c6559c (this sample)

Delivery method: Distributed via e-mail attachment
