MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4c52bc55da032e2aa9fb7867bdb46750383e46bdfbc4187ed2a97e269fe5660d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4c52bc55da032e2aa9fb7867bdb46750383e46bdfbc4187ed2a97e269fe5660d
SHA3-384 hash: 76de9d21bb4da2e3d3b29f55c38d773bb06db7f6d24fc0252575a623e4212cddd74bb27adad94a6f035afa34c21aea34
SHA1 hash: b2c2d7959440705563a16933fa8fd5c3630f8d7e
MD5 hash: b62a9d44cf16ab607e6d3d14423f4b79
humanhash: colorado-kitten-one-delta
File name:PO3221142020.zip
Download: download sample
File size:13'155 bytes
First seen:2021-01-15 07:09:59 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 192:Udl9TcZ0s8JJybhh3h/pAt0ceDlrYMQbhzW2ijAJ0M2cL7/o344GxRKZM:go4Jy300ceDl2zW2ijC2+/w449m
TLSH 1442C068BA47DEE1FDB59E365DEE51422854180CF3B9E8870C11B9B08F822CBE759158
Reporter abuse_ch
Tags:zip


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: ideaone.net
Sending IP: 93.190.51.130
From: Mr. Muayad Alfaouri <sissy64@ideaone.net>
Reply-To: ceo@acongufe.net
Subject: ORDER REQUEST
Attachment: PO3221142020.zip (contains "PO3221142020.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
117
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_fs1137.UNOFFICIAL
Create hunting rule

Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4c52bc55da032e2aa9fb7867bdb46750383e46bdfbc4187ed2a97e269fe5660d/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jrjlyvo2amxcvkp3pbt33ndhka4d4rv57pcbq7wsvf7cnh7fmygq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.56
Link:
https://yomi.yoroi.company/submissions/4c52bc55da032e2aa9fb7867bdb46750383e46bdfbc4187ed2a97e269fe5660d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 4c52bc55da032e2aa9fb7867bdb46750383e46bdfbc4187ed2a97e269fe5660d

(this sample)

Executable exe cc17491bc178e0e70f05ea771879c0a3f800fc44ce53c9eb201613583d85b569

  
Dropping
MD5 0c9c49f30603cd1179a44aacdb977d62
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 cc17491bc178e0e70f05ea771879c0a3f800fc44ce53c9eb201613583d85b569

Comments