MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6ceb767173d4c39a53735e45baf559e7ac4ca40f9849143817c0e313ca496793. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6ceb767173d4c39a53735e45baf559e7ac4ca40f9849143817c0e313ca496793
SHA3-384 hash: 1ebf405b5d8e51834352c86c9fb9188fac05e33d60dd5d2cb007b202c8cbed20ef1b927cf6903b44e17765a379506907
SHA1 hash: 7760b83dbb4273839b5ff02b87e47780e7edf735
MD5 hash: 22a492b9743e920f9155ddc568d749b3
humanhash: low-skylark-queen-friend
File name:RePurchase Order.zip
Download: download sample
File size:430'695 bytes
First seen:2020-08-18 12:08:36 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:bJuxecoIb/3NvPCt/6hb3W5yuPLeyI6zg5:tJcRPNvEqWJI6zi
TLSH 969423BA117BA794531369BDAA7840F52420F42377F8D5B7003868ABCD5E3D3A32E562
Reporter abuse_ch
Tags:zip


Avatar
abuse_ch
Malspam distributing unidentified malware:

From: jum@yiqioachina.com
Subject: Re:Purchase Order
Attachment: RePurchase Order.zip (contains "8r6ZwieZZGYihGY.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
52
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6ceb767173d4c39a53735e45baf559e7ac4ca40f9849143817c0e313ca496793/
Threat name:
ByteCode-MSIL.Trojan.CryptInject
Create hunting rule
Status:
Malicious
First seen:
2020-08-18 11:47:58 UTC
AV detection:
25 of 46 (54.35%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ntvxm4lt2tbzuu3tlzc3v5kz46wezjaptberioaxydrrhssjm6jq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6ceb767173d4c39a53735e45baf559e7ac4ca40f9849143817c0e313ca496793

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 6ceb767173d4c39a53735e45baf559e7ac4ca40f9849143817c0e313ca496793

(this sample)

Executable exe a839e6e1e51959eec1004e636c5dda866b665b63a2d450669393fffcd6aac706

  
Dropping
MD5 064fb30b40735aa39d62a4edbfc32a14
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a839e6e1e51959eec1004e636c5dda866b665b63a2d450669393fffcd6aac706

Comments