MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9a7fbbc38e17f1af1183e3d50c7aab4e104fd4c53fe4402eeb3c9092506016dc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 9a7fbbc38e17f1af1183e3d50c7aab4e104fd4c53fe4402eeb3c9092506016dc
SHA3-384 hash: 2bf8da65f2b33183cddd612bd4458f7930f32f3357266286fcba9e33af9daffc2bc3b9f119e1abc1ba81c21c2761d8b4
SHA1 hash: 9b5deab9fb1713c7db8e736320cf8348dbe96694
MD5 hash: ebbbcf8c3ba0e31bc7c9088a9a2b7e73
humanhash: harry-earth-xray-dakota
File name: Cabcon_356356256262,pdf.zip
File size: 604'034 bytes
First seen: 2020-10-14 15:07:18 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:lJDd4tUS/Z8v8hWSBM1wufQnWsT1WgQB2D0dupPGpMF9dlra1wnMkQzfC5VWcGz:lJRoy8WEM1vvSMD7upPnwR65Ve
TLSH: 80D423F092249C4F86FC4266A266CA2C948CFC4DDFB92AD0D7E9994B311B7B2DD37054
Reporter: abuse_ch
Tags: DHL geo NLD zip


abuse_ch
Malspam distributing unidentified malware:

HELO: vps.frofr-atibu.com
Sending IP: 45.95.169.149
From: DHL Express Cargo <delivery@dhl.com>
Subject: Betaling - SWIFT
Attachment: Cabcon_356356256262,pdf.zip (contains "Cabcon_356356256262,pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Zmutzy
Status: Malicious
First seen: 2020-10-14 00:27:50 UTC
AV detection: 6 of 48 (12.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 9a7fbbc38e17f1af1183e3d50c7aab4e104fd4c53fe4402eeb3c9092506016dc (this sample)

Delivery method: Distributed via e-mail attachment
