MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4e02ea06b3c45547214f935e622ba9a711def3cfb08d64b06f2be1c09269e9a5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 4e02ea06b3c45547214f935e622ba9a711def3cfb08d64b06f2be1c09269e9a5
SHA3-384 hash: 7d1f69310a903bbb706bb0f9fbfe3af79bf98814a8f19cdfc4a612f8677dd2b48d2ab57ca3ad15d64b78ea8132bc9094
SHA1 hash: 7af4b1021fedaa7a01c7de597afb9ad4bab57158
MD5 hash: 0a7a25028fe85e5eff4237f7bc36208f
humanhash: sierra-two-bravo-spring
File name: REMITTANCE1.zip
File size: 253'189 bytes
First seen: 2020-10-17 12:08:02 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:QCrinyvBZ6R3xPnlzlBeO33JiE0PpEbvw+XHur500dSUqcpMgkNv7Ho:QYZ6jlpBd3QE0xEbvw+Se0mUkW
TLSH: 473423C8D34C53942F532987171C95BB9989412C7AC9223B9274BB3046E7D9F3ABE02E
Reporter: abuse_ch
Tags: zip


abuse_ch
Malspam distributing unidentified malware:

HELO: cloud.irx61.hostnegar.com
Sending IP: 5.63.12.212
From: ZHANG KUN <renation-upggraden@ahanmarkaz.com>
Subject: 20201019 Prague Deutsche Bank Payment Application
Attachment: REMITTANCE1.zip (contains "REMITTANCE.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 126
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-10-17 09:20:50 UTC
AV detection: 19 of 47 (40.43%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 4e02ea06b3c45547214f935e622ba9a711def3cfb08d64b06f2be1c09269e9a5 (this sample)

Delivery method: Distributed via e-mail attachment
