MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5fa431dfdaeef7c1904228aeeee71839d484d3bde55b9886203fc23fa5008e8f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 5fa431dfdaeef7c1904228aeeee71839d484d3bde55b9886203fc23fa5008e8f
SHA3-384 hash: d27d5786dd355ea39104f4b824b3d9a8c7aaf3adb6ccaf46d35f92514cf1e9d838dd7503efa8824ac3a659e462d80e78
SHA1 hash: cabe8e8674aaf18a8b99540002f4a66487c482d5
MD5 hash: b6dd9f58bef545ae46d2a3707a640ac8
humanhash: blossom-london-north-fish
File name: AWB - Invoice And Shipping Documents.gz
File size: 505'222 bytes
First seen: 2021-01-08 08:11:35 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 12288:DWoWZJ8eXjqallbFal4ez5AXRbpJ+T0SQketwjq3A4y:DWoIOkBlFQPz58rJfpjeSA4y
TLSH: E9B423F6F8B70C86F04F74DABAB180BF5D153A85B0AB2D7D161641802A7239498BCD6D
Reporter: abuse_ch
Tags: gz


abuse_ch
Malspam distributing unidentified malware:

HELO: lrs1.layerip.com
Sending IP: 176.74.19.164
From: Ms. Kathy Chi <accounts@radiantqatar.com>
Subject: AWB N0: 3029****6411 ready for pick-up
Attachment: AWB - Invoice And Shipping Documents.gz (contains "AWB - Invoice And Shipping Documents.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 99
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Pwsx
Status: Malicious
First seen: 2021-01-08 08:12:23 UTC
AV detection: 13 of 46 (28.26%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

gz 5fa431dfdaeef7c1904228aeeee71839d484d3bde55b9886203fc23fa5008e8f (this sample)

Delivery method: Distributed via e-mail attachment
