MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4b72f94141f3a716e9c5cd08e6f4f96c2b3c9d84d86ea9d138a793a6728bbac9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 4b72f94141f3a716e9c5cd08e6f4f96c2b3c9d84d86ea9d138a793a6728bbac9
SHA3-384 hash: 9b2e673500713a8a9427cb9b9354ee9e4cba7fab2f1e8a065c771db51e42cbb3c8874f7c22e711d24abae3eb70c0caa7
SHA1 hash: 6233d18ed8cb737ea46ce7906ff28af6a9fd8110
MD5 hash: d96c1225b6477fb10b52f938641163ae
humanhash: mango-jupiter-saturn-cardinal
File name: 16101980.zip
Download: download sample
File size: 40'349 bytes
First seen: 2020-10-19 06:34:52 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:vGGX1hvp5W1jcRa6qHa4/K04kXin2X2iJUP6z+fikgqEIOArV:vXF9pEQRadjKHBM27yzWia0S
TLSH: 0503F2544FAEE120467C32B2441C4EDE137BA5B399FC971CB194967C92AC2BE67CA10E
Reporter: abuse_ch
Tags: zip


abuse_ch
Malspam distributing unidentified malware:

HELO: changan-motor.com
Sending IP: 209.58.149.76
From: Accounts<service@changan-motor.com>
Subject: Payment confirmation // 3 invoices
Attachment: 16101980.zip (contains "16101980.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Generic
Status: Suspicious
First seen: 2020-10-18 21:08:15 UTC
AV detection: 3 of 48 (6.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 4b72f94141f3a716e9c5cd08e6f4f96c2b3c9d84d86ea9d138a793a6728bbac9 (this sample)

Delivery method: Distributed via e-mail attachment

Comments