MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4e6266f4c04f9e7d76e53b1dc35fbc71a0f03cbd4fbe29374077b8f34cfef83f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4e6266f4c04f9e7d76e53b1dc35fbc71a0f03cbd4fbe29374077b8f34cfef83f
SHA3-384 hash: d55e5b57ee9be6305d7c37753c39546ac31d4359fa292c0f72e6eebc15468d52d2d6cacd30fc719e6d9e40c8e45f2261
SHA1 hash: 1686f5def47866824fb47c964fac2d19d6c6cc8e
MD5 hash: fe5ef19b283158723f121dd9a8e0aa7a
humanhash: spring-two-emma-arkansas
File name:Scan_Documents_IMG-00291-H73US.R10
Download: download sample
File size:302'955 bytes
First seen:2020-10-12 14:46:36 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:IAi4ex+vV1w38JkK0mj1Z5o+xvvHQTrF4Ex8WhxwreLVIZwVq4N5Mtk:IAxO38Jp067+6wHF4kbg4N5B
TLSH 36542355723202AD76A8DCF6AE01C26794534DBB189ABE417C6FDD0E8391AFD80DCC78
Reporter abuse_ch
Tags:r10


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: vervehealth.org
Sending IP: 185.29.10.101
From: Verve international<dra@vervehealth.org>
Subject: Purchasing Order
Attachment: Scan_Documents_IMG-00291-H73US.R10 (contains "Scan_Documents_IMG-00291-H73US.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Bulz.109678.10256.28212.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.22774.ZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4e6266f4c04f9e7d76e53b1dc35fbc71a0f03cbd4fbe29374077b8f34cfef83f/
Threat name:
Win32.Trojan.Bulz
Create hunting rule
Status:
Malicious
First seen:
2020-10-12 11:52:49 UTC
AV detection:
7 of 48 (14.58%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jzrgn5gaj6ph25xfhmo4gx54ogqpapf5j67csn2ao64pgth67a7q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4e6266f4c04f9e7d76e53b1dc35fbc71a0f03cbd4fbe29374077b8f34cfef83f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 4e6266f4c04f9e7d76e53b1dc35fbc71a0f03cbd4fbe29374077b8f34cfef83f

(this sample)

Executable exe 93deae39153a59fedd9d2377211abbbd68224f9ec5d9037a890249a76d1b7079

  
Dropping
MD5 32a0a337fb2d1db6142c3ea3ba917d8e
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 93deae39153a59fedd9d2377211abbbd68224f9ec5d9037a890249a76d1b7079

Comments