MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 71658592a83a50c7cc2a7c0398003f78b1e1efa5278aba06bf2b37c7c3a3b7b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Neurevt


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 71658592a83a50c7cc2a7c0398003f78b1e1efa5278aba06bf2b37c7c3a3b7b3
SHA3-384 hash: 48b1b0139804f4eefd9b8937706b8bdb5055c06d45a398627b094bd56f716b42c89d848f75014d3b13959604c2103211
SHA1 hash: 3fe60cf5cc7978d6a415087e26d189023ed4fcc8
MD5 hash: 97caa00aefa8dd8abddfeb2a95d9a71c
humanhash: apart-fish-asparagus-ack
File name:Completed Finance Application and Required Documents.DOC.gz
Download: download sample
Signature Neurevt
Create hunting rule
File size:259'071 bytes
First seen:2020-10-13 10:35:28 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 6144:c3pa8x0QxABZvp2JZhQBJeltXvdQLlyB4i:c3pMQxaYZh8JeldmJ0r
TLSH 3D4423B0EFBF00FA490999BAD63CC85EC299136D397104A4C8A3A09B6124755CFDF367
Reporter abuse_ch
Tags:gz Neurevt


Avatar
abuse_ch
Malspam distributing Neurevt:

HELO: saxamarketing.com
Sending IP: 199.217.115.34
From: naledistaat@mweb.co.za
Subject: Re: Finance Application and Required Documents
Attachment: Completed Finance Application and Required Documents.DOC.gz (contains "Completed Finance Application and Required Documents.DOC.exe")

Neurevt C2:
http://cwjamaica.us/et/logout.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Artemis9E6A523473B8.16070.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/71658592a83a50c7cc2a7c0398003f78b1e1efa5278aba06bf2b37c7c3a3b7b3/
Threat name:
Win32.Trojan.Weelsof
Create hunting rule
Status:
Malicious
First seen:
2020-10-13 08:18:23 UTC
AV detection:
21 of 28 (75.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ofsylevihjimptbkpqbzqab7pcy6d35fe6flubv7fm34pq5dw6zq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/71658592a83a50c7cc2a7c0398003f78b1e1efa5278aba06bf2b37c7c3a3b7b3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Neurevt

gz 71658592a83a50c7cc2a7c0398003f78b1e1efa5278aba06bf2b37c7c3a3b7b3

(this sample)

Neurevt

Executable exe aef47ea6290bbdfa6ca5994e556ba1d3a09200a525ab0aa11eb9fca8f324dfdf

  
Dropping
MD5 9e6a523473b8b248169a7c012df77e71
  
Dropping
Neurevt
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 aef47ea6290bbdfa6ca5994e556ba1d3a09200a525ab0aa11eb9fca8f324dfdf

Comments