MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ade0cb481432ee841bd0e83869a18c508971ace6fc79b0fec75bec79cb7f70b1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: ade0cb481432ee841bd0e83869a18c508971ace6fc79b0fec75bec79cb7f70b1
SHA3-384 hash: 81b152f39395631d7a8683c2157b9488a9aad7469db5b8a5868b1041a5b2c62fcdb46883f44475f71f431c24d45cfa76
SHA1 hash: 11bc4c51f56ce23d2be266f1bbfc05524b6aa096
MD5 hash: 930c72fc6d46b6c6b890576bfc914a15
humanhash: mango-avocado-lima-london
File name: OCT POHN512201811_PDF.uue
File size: 167'454 bytes
First seen: 2020-10-16 12:58:36 UTC
Last seen: Never
File type: uue
MIME type: application/vnd.ms-cab-compressed
ssdeep 3072:La+D7aL+fGxqqF07adX9PQ2Z79yjFwbM6JzDQB7RQkO2FxrL3RvpUPEj:WJLrO2dX9PQ8gj2brVD+LOyrLdU8
TLSH 97F323AD41806E92DDFA00EB7FE56D20F241C0A9D833A4CD6529E5F7EC04716EF76059
Reporter: abuse_ch
Tags: uue


abuse_ch
Malspam distributing unidentified malware:

From: Thilina Prabath <office@fpxsolution.nl>
Subject: Purchase Order for victim-email
Attachment: OCT POHN512201811_PDF.uue (contains "OCT POHN512201811_PDF.scr")

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.Remcos
Status: Malicious
First seen: 2020-10-16 13:00:06 UTC
AV detection: 19 of 29 (65.52%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

uue ade0cb481432ee841bd0e83869a18c508971ace6fc79b0fec75bec79cb7f70b1

(this sample)

Delivery method: Distributed via e-mail attachment
