MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 940ff5c5d0947fa9276e425f1e41ab3b14853138a8c7434a4dd27a6f8830f569. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 940ff5c5d0947fa9276e425f1e41ab3b14853138a8c7434a4dd27a6f8830f569
SHA3-384 hash: 44a62b3dc32962766b80d5235813e5586f88307b5559867b1d401c7e4d13b640716745b53f8f9cfe0684ec3d5479c61e
SHA1 hash: 263046bb166d2ac7b8ae35d8496380f53b8f5035
MD5 hash: fb3823b5572db25b0aa608415f8b64a6
humanhash: echo-nine-zebra-pennsylvania
File name: HSBC Payment Advice.gz
File size: 765'806 bytes
First seen: 2021-03-25 10:14:20 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 12288:7ncmDCI6lLdw3VdNOot93GDMKQBkvqfYKS4MmcE2HGw7Zuum+idDuYOyo:7oI2+FdNH38Q+Uo8MGw7Zdm+GC
TLSH: F7F433D17CCFCA62DA8A355E521970422A973F75BB7182180EE2C3176A53B36D6FC04B
Reporter: abuse_ch
Tags: gz HSBC


abuse_ch
Malspam distributing unidentified malware:

HELO: hrl.comsats.net.pk
Sending IP: 203.124.39.163
From: HSBC BANK PAKISTAN <atiqa@rdlpk.com>
Subject: HSBC Payment Advice - Advice Ref:[GLVC30693856] / Priority payment / Customer Ref:[8000150421]
Attachment: HSBC Payment Advice.gz (contains "HSBC Payment Advice.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 111
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2021-03-25 10:15:08 UTC
AV detection: 6 of 48 (12.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

gz 940ff5c5d0947fa9276e425f1e41ab3b14853138a8c7434a4dd27a6f8830f569 (this sample)

Delivery method: Distributed via e-mail attachment
