MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 948fa19b9f15a1445ed25316ed25c3c0ac3b081e252c14bf177969cbcff61190. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 948fa19b9f15a1445ed25316ed25c3c0ac3b081e252c14bf177969cbcff61190
SHA3-384 hash: e74794a71c6a9222761a0bdd7395da9e5179c75aab40ad70253205b599b1607cd949cb460e5c9f72e7136eda2d4bc097
SHA1 hash: 830244b19703c394a4224affbe39c82626c5b3cd
MD5 hash: 2fd1f11f815f6afa582f9dfa7d0bb5f3
humanhash: foxtrot-alanine-cat-lactose
File name: PO doc.z
File size: 861'201 bytes
First seen: 2020-12-17 08:31:43 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 24576:9FUDUH3x/GV4EfWHpsTPh/62srQsB5v4xkmOEzvuzH:RHh/wZe6g2s9zA2bESH
TLSH: 0805239986F7FE2DCF2DBA03440353B5CA958205D66F935CB711F1B3563A00EB2AA076
Reporter: abuse_ch
Tags: CHN geo z


abuse_ch
Malspam distributing unidentified malware:

HELO: host.ecolifehost.com
Sending IP: 178.238.233.20
From: Purchase Dept. <alexanderbeyer101@outlook.com>
Subject: 回复:PO
Attachment: PO doc.z (contains "PO doc.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 83
Origin country: n/a

Vendor Threat Intelligence
Result: Gathering data
Threat name: Win32.Trojan.Pwsx
Status: Malicious
First seen: 2020-12-17 08:32:08 UTC
AV detection: 6 of 48 (12.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
z 948fa19b9f15a1445ed25316ed25c3c0ac3b081e252c14bf177969cbcff61190 (this sample)
Delivery method: Distributed via e-mail attachment
