MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 97911a67667e73c0c1628e2b441dd6f9ced9f142e87665e9c2f23d56c87b919c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 97911a67667e73c0c1628e2b441dd6f9ced9f142e87665e9c2f23d56c87b919c
SHA3-384 hash: 2c96084da52aa2363b63e7855d411e2b80d681cbbc7d4553bd55de9295247e6d3e61729b016a7d7f17b97fa283ccb446
SHA1 hash: d9b04721b2f7b832abc3fb78f3aa969bf1401ef8
MD5 hash: 2724b111225ce89b723ab445ed056c58
humanhash: spaghetti-kentucky-queen-uncle
File name: e-vote_form 490.57.607 .doc
Signature: TrickBot
File size: 163'328 bytes
First seen: 2020-06-30 17:41:57 UTC
Last seen: 2020-06-30 18:48:48 UTC
File type: Word file doc
MIME type: application/msword
ssdeep: 3072:WAg61rSU6xFid/gvfjDzZ89yq/KZQHf7RvRdpX:WWr0DiKv7C3
TLSH: 8BF3CF15B648DE5AE19704B11E8BEBB93234BE0D4EC1CBA3B368F73D6C721219653648
Reporter: @abuse_ch
Tags: doc TrickBot


Twitter
@abuse_ch
Malspam distributing unidentified malware:

HELO: server78ns2.heberjahiz.com
Sending IP: 159.253.152.249
From: Dave Murray <info@careercenter.ma>
Subject: let us know your opinion anon about Black Lives Matter
Attachment: e-vote_form 490.57.607 .doc

Unknown payload URL:
http://www.online-library.org/wp-content/themes/genesis/tds.php

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 2
# of downloads: 44
Origin country: US US
ClamAV:
  TwinWave.EvilDoc.BattleWithoutHonorOrHumanity.20200630.UNOFFICIAL
  SecuriteInfo.com.Heur.W97DownloaderA.24708.UNOFFICIAL
CERT.PL MWDB
  Detection: n/a
  Link: https://mwdb.cert.pl/sample/97911a67667e73c0c1628e2b441dd6f9ced9f142e87665e9c2f23d56c87b919c/
ReversingLabs
  Status: Malicious
  Threat name: Document-Word.Trojan.Powdow
  First seen: 2020-06-30 17:43:03 UTC
  AV detection: 11 of 31 (35.48%)
  Threat level: 5/5
Spamhaus Hash Blocklist: Suspicious file
Hatching Triage
  Score: 1/10
  Malware Family: n/a
  Link: https://tria.ge/reports/200630-dw4s43yw6n/
  Tags: n/a
VirusTotal: Virustotal results 13.11%

Yara Signatures


Rule name: SharedStrings
Author: Katie Kleemola
Description: Internal names found in LURK0/CCTV0 samples

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
TrickBot
Word file doc 97911a67667e73c0c1628e2b441dd6f9ced9f142e87665e9c2f23d56c87b919c (this sample)

Delivery method: Distributed via e-mail attachment
