MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 77b7af14ce605d7dd156ff5a4e98ee5087f9255e5c8b4659fbb6565badb80085. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 77b7af14ce605d7dd156ff5a4e98ee5087f9255e5c8b4659fbb6565badb80085
SHA3-384 hash: d1235ffbeca854d78ad797ae9ec93dd30e0fa70073c21ffd064cd5993218203942c70d139c8a5d0dcf6af565fca2de31
SHA1 hash: 16d7af715b44c937e05e54002743dd6a2c790c9f
MD5 hash: 287d0ba1bb71b6bb530d5affdff6abd5
humanhash: william-florida-sodium-spaghetti
File name:Billing_Details.zip
Download: download sample
File size:346'953 bytes
First seen:2021-02-23 07:15:26 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:om19QXahZynSCzS/DX1+4G5A9/mHH/VCSA3hwBlCbkeu5QMi0y+lq0HToneLyJDk:omEaOSggw4IA9/mn/ih8teMi080knrtk
TLSH 547423581A8D5F2FB8D818A8C5B3E9B7038445FB1365B4558D8D73AB904A383EA6F40F
Reporter abuse_ch
Tags:zip


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: pro.mxout.rediffmailpro.com
Sending IP: 119.252.152.37
From: corporate@acrossbroking.com <corporate@acrossbroking.com>
Subject: Payment for BILL 051-2020 Has Been Sent
Attachment: Billing_Details.zip (contains "Billing Details.cmd")

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Porcupine.Malware.43883.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/77b7af14ce605d7dd156ff5a4e98ee5087f9255e5c8b4659fbb6565badb80085/
Threat name:
Win32.Trojan.Johnnie
Create hunting rule
Status:
Malicious
First seen:
2021-02-23 07:16:10 UTC
AV detection:
21 of 47 (44.68%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=o6326fgombox3ukw75ne5ghokcd7sjk6lsfumwp3wzlfxlnyaccq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.64
Link:
https://yomi.yoroi.company/submissions/77b7af14ce605d7dd156ff5a4e98ee5087f9255e5c8b4659fbb6565badb80085

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 77b7af14ce605d7dd156ff5a4e98ee5087f9255e5c8b4659fbb6565badb80085

(this sample)

Executable exe 930328b4d0e869b7d6eec8b250366523258c33c121a8515d3a78fe8d6c8c9fc1

  
Dropping
MD5 a4d789c995239985f1fc547b8cd64c32
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 930328b4d0e869b7d6eec8b250366523258c33c121a8515d3a78fe8d6c8c9fc1

Comments