MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5d3d44cad3c2b99b0c08aa0ee2ecdeb3c514090498a4a4c8f2cf7946143ff853. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Neurevt


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5d3d44cad3c2b99b0c08aa0ee2ecdeb3c514090498a4a4c8f2cf7946143ff853
SHA3-384 hash: e104f2564aa2860dc80efac7ff5a4fcedf94a0bbeeac9a9bd3fe883c509fe992f6867a41a10a6383c931eaf0eb3b6e60
SHA1 hash: 9f99b309b92eb8ba5f0d2e8c8de8a1c332dbf75c
MD5 hash: e8363706522342acd3b8016e5c1d42d1
humanhash: texas-seventeen-mirror-mango
File name:SARS Suspected Fraudulent Transaction report001288.PDF.gz
Download: download sample
Signature Neurevt
Create hunting rule
File size:269'907 bytes
First seen:2020-07-24 07:49:47 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 6144:OOBZXkB8gQIHnBbksPS2txZU3+hzf3/+1xXto5Ptwq0beap:OO8BnQIHBb7PtlzfEelwHeap
TLSH 4F44231F97F81ECC306E559A231AB45F3CC826970A9C68CC9A57C486F4BF30B9426D61
Reporter abuse_ch
Tags:COVID-19 gz Neurevt


Avatar
abuse_ch
Malspam distributing Neurevt:

HELO: slot0.devlinscigars.biz
Sending IP: 104.168.176.75
From: order@keydistributors.co.za
Subject: Purchase Order POKD006192
Attachment: SARS Suspected Fraudulent Transaction report 001288.PDF.gz (contains "SARS Suspected Fraudulent Transaction report 001288.PDF.exe")

Neurevt C2:
http://winqits.com/~zadmin/lk/dm/logout.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5d3d44cad3c2b99b0c08aa0ee2ecdeb3c514090498a4a4c8f2cf7946143ff853/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-07-24 07:51:05 UTC
AV detection:
8 of 48 (16.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=lu6ujswtyk4zwdaivihof3g6wpcricietcskjshsz54umfb77bjq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5d3d44cad3c2b99b0c08aa0ee2ecdeb3c514090498a4a4c8f2cf7946143ff853

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Neurevt

gz 5d3d44cad3c2b99b0c08aa0ee2ecdeb3c514090498a4a4c8f2cf7946143ff853

(this sample)

Neurevt

Executable exe 4432dedd4db9c2f1f554cb9fc4317196051ca8dc405231e2bd1bc9845702a872

  
Dropping
MD5 ca2435bf28a9f678e7f2136cfc52cfcb
  
Dropping
Neurevt
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4432dedd4db9c2f1f554cb9fc4317196051ca8dc405231e2bd1bc9845702a872

Comments