MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9914ae78b914ae2e3f68a6d91fec5e579594a421faae725c0eb83a8c911b2503. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 9914ae78b914ae2e3f68a6d91fec5e579594a421faae725c0eb83a8c911b2503
SHA3-384 hash: cec8a7c4776b5e79ed8c98127362a48f7c052706ca10fd534273635d6bf98b31b5dcf718029a8477c6be20e488a8c234
SHA1 hash: 2de0ce54ff053348bf0e615078435913e92ac4df
MD5 hash: b57cc50b9454f5755f0064fa3ae1e15a
humanhash: lamp-spring-zebra-paris
File name: PO 2005072 INTECSA INARSA.cab
File size: 268'139 bytes
First seen: 2020-08-05 12:08:31 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:DDdTW8wrCj7/Nc8tDATdLsn4gPgNhOX8fL2HIx4:3d68/7m0M2chiiL54
TLSH: F944232698C9D822B7A4BBC0D3F5CC9E9DC5FE2D39E1762CEF6061531A5142ACF27502
Reporter: abuse_ch
Tags: cab


abuse_ch
Malspam distributing unidentified malware:

HELO: vepo.donoralpha.com
Sending IP: 111.118.214.86
From: Santiago <general@intecsa-inarsa.es>
Subject: PO 2005072 INTECSA INARSA
Attachment: PO 2005072 INTECSA INARSA.cab (contains "PO 2005072 INTECSA INARSA.scr")

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Generic
Status: Suspicious
First seen: 2020-08-05 12:10:10 UTC
AV detection: 14 of 48 (29.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
zip 9914ae78b914ae2e3f68a6d91fec5e579594a421faae725c0eb83a8c911b2503 (this sample)

Delivery method: Distributed via e-mail attachment

Comments