MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 579303b7a0f24a0ec6510f2a1037b25eb1e18ba69b3997a788eb8f5641d7d8f4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


TaurusStealer


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 579303b7a0f24a0ec6510f2a1037b25eb1e18ba69b3997a788eb8f5641d7d8f4
SHA3-384 hash: c8f0df39d4cbf4036a0c4c370e5649ad4fe8ada137c8f946388bbb76004ce3193b60b78b82af95755af5c58f5214ddec
SHA1 hash: dba2d241a690a63f23727f7a7ceb21dc7f24dc2e
MD5 hash: 56443028e0c91e5c420b166877fffae0
humanhash: iowa-lima-violet-ack
File name:PO comfirmation.gz
Download: download sample
Signature TaurusStealer
Create hunting rule
File size:219'780 bytes
First seen:2021-02-22 07:20:32 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 6144:QTyj3hfLHvmmFBPG9GakpFabvJieMVlzJXIQJ:QTy7tTvmmbGoa06H6DXRJ
TLSH DE24231AABA15385740DFB2974CBE45CBA16F884CAA3E1A254377ECB4D0359DD03CAF4
Reporter abuse_ch
Tags:gz


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: server0.intouchsport.net
Sending IP: 192.236.177.223
From: Cindywang <test1234@wahanaartha.com>
Subject: New PO#SG-21-005- Quote Number : QT1028599
Attachment: PO comfirmation.gz (contains "frank_2021-02-22_02-03.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/579303b7a0f24a0ec6510f2a1037b25eb1e18ba69b3997a788eb8f5641d7d8f4/
Threat name:
Win32.Trojan.Chapak
Create hunting rule
Status:
Malicious
First seen:
2021-02-22 07:21:11 UTC
AV detection:
9 of 47 (19.15%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=k6jqhn5a6jfa5rsrb4vban5sl2y6dc5gtm4zpj4i5ohvmqox3d2a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

TaurusStealer

gz 579303b7a0f24a0ec6510f2a1037b25eb1e18ba69b3997a788eb8f5641d7d8f4

(this sample)

TaurusStealer

Executable exe 708c8e26689e83a82460bfcf611f78eaf39ee6e77e12c23ea012489deb57e72c

  
Dropping
MD5 5ae9b47fd2a505049a7f6f405f6f512c
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 708c8e26689e83a82460bfcf611f78eaf39ee6e77e12c23ea012489deb57e72c

Comments