MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9dfa36d9e22e19c3943ef578d95875f1a769c00f03238389f656b3c3fdf1c2eb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 9dfa36d9e22e19c3943ef578d95875f1a769c00f03238389f656b3c3fdf1c2eb
SHA3-384 hash: 8d5189e4ddbd96a8ec61822a03aa3c2e87f894ec980bf65ee0d597b7662c3bb4145e8d35318963dc5dd06e4c0f587c5a
SHA1 hash: 7ed02bbca8ec3d22ed28592f0abff589a4a736e1
MD5 hash: 20d0229c0f93710fca7a543503759d0e
humanhash: north-carpet-comet-william
File name: Fatura.Vivo.zip
Signature: n/a
File size: 253 bytes
First seen: 2022-08-05 07:03:12 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6:5jTDxyVwWcsvqSzI6W2n/5UhdDxyVYrWNF6TkBTkZuG/i+lJ:5jT8JqSnx/5KBSNBGZuG/iaJ
TLSH: T1B0D02317477F0D89C0715175204A6789B9D4FF87E0A94993C37432929DC8BED1B03D48
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1)
      20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: @cocaman
Tags: zip


Twitter
@cocaman
Malicious email (T1566.001)
From: "conta@vivo.com.br2257558" (likely spoofed)
Received: "from vivo70.anitfotershon.com (vivo70.anitfotershon.com [195.133.199.162]) "
Date: "Thu, 4 Aug 2022 18:27:30 +0300"
Subject: "Comunicado Vivo - Bloqueio Linha e Servicos 7144046456"
Attachment: "Fatura.Vivo.zip"

Intelligence


File Origin
# of uploads: 1
# of downloads: 158
Origin country: CH
Mail intelligence
No data
Vendor Threat Intelligence

Result
Verdict: Clean
File Type: HTML File
Alert level: 0%
Payload URLs
URL: https://storage.googleapis.com/atraso/fatura.html
File name: HTML File

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour:
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: zip 9dfa36d9e22e19c3943ef578d95875f1a769c00f03238389f656b3c3fdf1c2eb (this sample)

Delivery method: Distributed via e-mail attachment
