MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9ccb83ac658508256311a37242311da5ad732e9e6d5f58c84655291a3018a804. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 9ccb83ac658508256311a37242311da5ad732e9e6d5f58c84655291a3018a804
SHA3-384 hash: 12acffc4ae4e48217a77ac5ec069f9541a0fc4c70a5526ed7dc7605eea3ccd990e823b9ff7c750c19fee06fdda88c672
SHA1 hash: 02d8f71f1c222ebe2f94db55b0640718a48213d3
MD5 hash: b4f12b8cf550b7d42a7e4a854e98472e
humanhash: quebec-item-social-one
File name: Payment Receipt.zip
File size: 346'959 bytes
First seen: 2021-02-22 07:29:21 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep 6144:3AVbvorbbhN3/xdo1o4GFA9pmHp/VCSi3hw7lkbk+u3QMY0y+lqcHTonq1y9DYRf:iMnhN35dp4QA9pmJ/khmbAMY088kn1Zo
TLSH E07423B8068E8F8E6CC968BD9E13D6B50A814AEB1654F4045DDEB3BBC055643F66F00F
Reporter: abuse_ch
Tags: zip


abuse_ch
Malspam distributing unidentified malware:

HELO: zmail.lkcl.in
Sending IP: 180.211.114.254
From: Basudeb.Pan <info@lkcl.in>
Subject: Payment Acknowledgement Is Attached
Attachment: Payment Receipt.zip (contains "Payment Receipt.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 90
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Graftor
Status: Malicious
First seen: 2021-02-22 07:30:21 UTC
AV detection: 16 of 48 (33.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 9ccb83ac658508256311a37242311da5ad732e9e6d5f58c84655291a3018a804 (this sample)

Delivery method: Distributed via e-mail attachment
