MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 67291804807345f1c6241ca80685e6486818d2b9641cf57320dc6546714ea283. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ConnectWise


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 67291804807345f1c6241ca80685e6486818d2b9641cf57320dc6546714ea283
SHA3-384 hash: 1428a1926437ad6541d2320b12378493445a3c7f059a5d5100a0c80fb2761efb1ec990cf7dd8fcd2565d639fcca422df
SHA1 hash: 36f4e4c460e03c4a8a101d77e865f92057203280
MD5 hash: 8410993a78db01cbaefcda1111a4b666
humanhash: beryllium-lithium-uncle-september
File name:STMT.pdf
Download: download sample
Signature ConnectWise
Create hunting rule
File size:119'147 bytes
First seen:2024-10-17 18:01:12 UTC
Last seen:Never
File type: pdf
MIME type:application/pdf
ssdeep 3072:IQJToJUDbLeaCYu5/5Eau46gEqwfLQMqUlb5WgSZDEu:IOouXu55E7gdrVUlNpQ3
TLSH T140C302D927F907BFC8C86C3C22E5CC34D76388EB525D2EAA8139DCA394589F81175938
Magika pdf
Reporter malwarology
Tags:pdf

Intelligence

File Origin
# of uploads :
1
# of downloads :
313
Origin country :
US US
Vendor Threat Intelligence
Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6711511be706a56b5a0293b2
Tags:
Powershell Exploit Remo Blic
Result
Verdict:
Clean
File Type:
PDF File
Link:
https://app.docguard.net/67291804807345f1c6241ca80685e6486818d2b9641cf57320dc6546714ea283/results/dashboard
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
phishing
Link:
https://www.filescan.io/uploads/6711511a2b3a5d16e03d6b5a/reports/24f1bf8a-4e78-40e7-a6b0-13147f03a60c/overview
Verdict:
Suspicious
Labled as:
Malware
Link:
https://www.hybrid-analysis.com/sample/67291804807345f1c6241ca80685e6486818d2b9641cf57320dc6546714ea283
Label:
Malicious
Suspicious Score:
9.0/10
Score Malicious:
91%
Score Benign:
9%
Link:
https://www.malware.ai/gui/files/?id=f0f3c841-382f-4405-ad61-0f5063598519
Result
Threat name:
ScreenConnect Tool
Create hunting rule
Detection:
clean
Classification:
n/a
Score:
6 / 100
Link:
https://www.joesandbox.com/analysis/1536326
Behaviour
Behavior Graph:
n/a
Score:
93%
Verdict:
Malware
File Type:
PDF
Link:
https://malprob.io/report/67291804807345f1c6241ca80685e6486818d2b9641cf57320dc6546714ea283
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/67291804807345f1c6241ca80685e6486818d2b9641cf57320dc6546714ea283/
Threat name:
Document-PDF.Phishing.Generic
Create hunting rule
Status:
Malicious
First seen:
2024-10-17 16:24:53 UTC
File Type:
Document
Extracted files:
4
AV detection:
5 of 38 (13.16%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=m4urqbeaonc7drredsuanbpgjbubruvzmqopk4za3rsum4koukbq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/67291804807345f1c6241ca80685e6486818d2b9641cf57320dc6546714ea283

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ConnectWise

pdf 67291804807345f1c6241ca80685e6486818d2b9641cf57320dc6546714ea283

(this sample)

ConnectWise

Executable exe 85276b1893f8307a681f8c8b22c6d7eaa40620afcf987a7a22a4ab39f7300253

  
Dropping
SHA256 85276b1893f8307a681f8c8b22c6d7eaa40620afcf987a7a22a4ab39f7300253
  
Delivery method
Distributed via e-mail attachment
  
Dropping
MD5 95c83010549bc9fe36a625307cf6cd8d

Comments