MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 85f9d05d2a3c3ec95f45591714a04138112a95f45f528507c5f3e0e207d53172. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 85f9d05d2a3c3ec95f45591714a04138112a95f45f528507c5f3e0e207d53172
SHA3-384 hash: afb4a7c26f7791f433db6ffaf24d9b61af2a525a847689f91081af315f37ba7383fcb947c3b969ee18635fd7ef4838a9
SHA1 hash: abb2b0b76abd5526f9c0b493d7559bce096d6ba7
MD5 hash: 5ca25468563af2fa7e7dfc08ca47f54f
humanhash: bacon-network-stream-orange
File name: HSBC PAYMENT SLIP.gz
File size: 461'196 bytes
First seen: 2020-11-05 09:36:28 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 12288:tmMq5dhDU1/910AuNxY2kptEa2syGZCUWNPG:tyvheyDvIpM1NNPG
TLSH: 31A42384269FA2D6ED800159FAD2733F9CC70DAE7A3753752E25005E392D4E018EEE2D
Reporter: abuse_ch
Tags: gz HSBC


abuse_ch
Malspam distributing unidentified malware:

HELO: mx621.qwords.net
Sending IP: 103.28.12.51
From: HSBC BANK <advising.service.26040270.825605.2830646254@securemail-advising.hsbc.com>
Subject: Payment Advice - Advice Ref:[GLVA30213308] / ACH credits / Customer Ref:[84668] / Second Party Ref:[55007020]
Attachment: HSBC PAYMENT SLIP.gz (contains "HSBC PAYMENT SLIP.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-11-04 22:30:11 UTC
AV detection: 18 of 48 (37.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

gz 85f9d05d2a3c3ec95f45591714a04138112a95f45f528507c5f3e0e207d53172 (this sample)

Delivery method: Distributed via e-mail attachment
