MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9474167f6944a612b998bb55e0470ed9bb4b519e2aa06d057e7555b8db6f3898. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9474167f6944a612b998bb55e0470ed9bb4b519e2aa06d057e7555b8db6f3898
SHA3-384 hash: 697d2212d678c0dbcea9e453d202e3de8b7a1c5da3f95cf7af6db891f4a3f2e90dacc02af8d77d6f73855e5a79d45150
SHA1 hash: 79fd4ba25effe644c829bfbe83e425df557b9888
MD5 hash: f6ae741950353152c713ae647c1cc4a4
humanhash: bacon-salami-texas-west
File name:PAYMENT 202005.zip
Download: download sample
File size:56'857 bytes
First seen:2020-05-18 19:04:37 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 1536:H8AuNt4jLLmBfQuX/5QL7hppUMCwbE6FmBweQym:HnuNC7mBft/iL7lOm
TLSH 87430204E2BB07FD5EAD7F6057F4CD4900459E86429B322C1D323831A6AB1E636857E6
Reporter cocaman
Tags:zip


Avatar
cocaman
Malicious email
From: Antonella <fbashiri@ksu.edu.sa>
Received: from ksu.edu.sa (unknown [37.120.145.189])
Date: 19 May 2020 03:56:38 -0700
Subject: Transfer Online Payment
Attachment: PAYMENT 202005.zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Fareit-FSTD653553A9399.8536.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-05-19 02:10:00 UTC
File Type:
Binary (Archive)
Extracted files:
7
AV detection:
21 of 31 (67.74%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=sr2bm73jistbfomyxnk6aryo3g5uwum6fkqg2bl6ovk3rw3phcma._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 9474167f6944a612b998bb55e0470ed9bb4b519e2aa06d057e7555b8db6f3898

(this sample)

GuLoader

Executable exe bbb38a432f7eff2a12b72c3ed853e937fbf5d7b9bd23b9f8ab61beb6bd594c10

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 bbb38a432f7eff2a12b72c3ed853e937fbf5d7b9bd23b9f8ab61beb6bd594c10

Comments