MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 820d6f27da1cbdb1b7fb50d3ded03fc200813c22ec4ec3e7436cdbbff5bc72c1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Neurevt


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 820d6f27da1cbdb1b7fb50d3ded03fc200813c22ec4ec3e7436cdbbff5bc72c1
SHA3-384 hash: 4a5ab56d77d03ae1ce658d6681382a87ff4ee81867e86c57f05fbdd3fa2bb1732cf5ea43290f1eacb57faf1e5e7cc3d9
SHA1 hash: 782a04023dbfa7809cf5c7cae0a78a219e4cf4b9
MD5 hash: 8746ced7ce43d38a6f08d0f191d0d23a
humanhash: august-eighteen-bluebird-pluto
File name:Sample of order.gz
Download: download sample
Signature Neurevt
Create hunting rule
File size:426'671 bytes
First seen:2020-10-09 06:27:39 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:y5ZJFVWDy0PdP5ov4AYtOSBzskgKxzWgT7k:y/omYhomMSBzTW6Y
TLSH F99423F267712F32F0F363D39069A90AFE84E745FEB16D2B2C4B72D85848942519E172
Reporter abuse_ch
Tags:gz Neurevt


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: ns20.hyyat4host.com
Sending IP: 138.201.62.222
From: Rewijian Gayuh W <tamer_diab@alrosan.com.sa>
Subject: Inquiry for product
Attachment: Sample of order.gz (contains "Sample of order.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/820d6f27da1cbdb1b7fb50d3ded03fc200813c22ec4ec3e7436cdbbff5bc72c1/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-10-09 05:03:10 UTC
AV detection:
28 of 48 (58.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qigw6j62ds63dn73kdj55ub7yiaicpbc5rhmhz2dntn375n4olaq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/820d6f27da1cbdb1b7fb50d3ded03fc200813c22ec4ec3e7436cdbbff5bc72c1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Neurevt

gz 820d6f27da1cbdb1b7fb50d3ded03fc200813c22ec4ec3e7436cdbbff5bc72c1

(this sample)

Neurevt

Executable exe 2962eba90f4c76463186e170ae32e1ad8ed50b589a83bee7016dc942b80cd0df

  
Dropping
MD5 3c9212d20d32a311f0d3bc7e0706e5a2
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2962eba90f4c76463186e170ae32e1ad8ed50b589a83bee7016dc942b80cd0df

Comments