MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9a1c11ef934b425f1df2fa876c513b169d3e6a0e8d2a408d9269d91536287176. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 9a1c11ef934b425f1df2fa876c513b169d3e6a0e8d2a408d9269d91536287176
SHA3-384 hash: e145561d2a4113a150aaa3cb0a5b03aa44a323b61f436238045cf3f73d7896a7c024064410ad870d1f1df5a97b153086
SHA1 hash: bd55cdaaee3944d1b70b3cf6442f69fcd11ec507
MD5 hash: 37910fee5baced6a87934cc8f109e3e2
humanhash: rugby-mango-pasta-cup
File name: Swift00111.Scan.pdf..rar
File size: 565'407 bytes
First seen: 2020-10-14 14:30:34 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:B0qXAvQOHlljxXpjAejcfuAhWl5PrppOv12odylD/i:qIOHlJ1hfAfu17rnOt2LZq
TLSH: 52C423D1540E3A1B94DB5BDDA1D3BEF4FD59A83081B88F38E389F48642A5909E187C92
Reporter: abuse_ch
Tags: rar


abuse_ch
Malspam distributing unidentified malware:

HELO: mail0.hcs.harvard.edu
Sending IP: 52.3.27.8
From: Jorge Cuevas <hpair@hcs.harvard.edu>
Subject: RE:RE:Swift/Pago
Attachment: Swift00111.Scan.pdf..rar (contains "Swift00111.Scan.pdf...exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2020-10-13 22:09:22 UTC
AV detection: 5 of 48 (10.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar 9a1c11ef934b425f1df2fa876c513b169d3e6a0e8d2a408d9269d91536287176 (this sample)

Delivery method: Distributed via e-mail attachment
