MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 af3fcc4d0646a3a2c27512b07a0c84428ced10606e28e248ecfcd8c2569d85d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence 2 File information 3 Yara 1 Comments

SHA256 hash: af3fcc4d0646a3a2c27512b07a0c84428ced10606e28e248ecfcd8c2569d85d8
SHA3-384 hash: 50bac24c16ae382320e44c7238535d5d8cc7ec9a474e13f3d925746f5b72a7683842219dae11422933f863b771faf140
SHA1 hash: fe28bcdc3b2e733740a993e6665676709e1787a0
MD5 hash: b2e6be2b7c08933f90d09b45a6144f85
humanhash: friend-orange-yellow-nineteen
File name:e-vote_form_8748.doc
Download: download sample
Signature TrickBot
File size:168'960 bytes
First seen:2020-06-10 15:23:11 UTC
Last seen:2020-06-10 16:08:32 UTC
File type:Word file doc
MIME type:application/msword
ssdeep 3072:wr6ja1PxkgE5/3RxLDhOr0s9wVPg+Ry03:6PY7Q03
TLSH 67F3198276E299C6E443CC3A4D4AEFE8D9347E671C01823B3D9B37D9253782B9925D42
Reporter @abuse_ch
Tags:doc TrickBot


Twitter
@abuse_ch
Malspam distributing unidentified malware:

HELO: copsbiau.monster
Sending IP: 89.203.248.175
From: State ministry <pack@copsbiau.monster>
Subject: Speak out anon about Black Lives Matter
Attachment: e-vote_form_8748.doc

Unknown payload URLs:
https://ppid.indramayukab.go.id/may.php
https://www.inspeclabeling.com/wp-content/themes/processing/may.php

Intelligence


Mail intelligence
Trap location Impact
Global Low
# of uploads 2
# of downloads 76
Origin country FR FR
ClamAV TwinWave.EvilDoc.IcedIDCoolAsIce.20200609.UNOFFICIAL
CERT.PL MWDB Gathering data
ReversingLabs :Status:Malicious
Threat name:Document-Word.Trojan.Rdn
First seen:2020-06-10 15:25:07 UTC
AV detection:16 of 31 (51.61%)
Threat level:   2/5
Spamhaus Hash Blocklist :Suspicious file
VirusTotal:Virustotal results 9.68%

Yara Signatures


Rule name:SharedStrings
Author:Katie Kleemola
Description:Internal names found in LURK0/CCTV0 samples

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

TrickBot

Word file doc af3fcc4d0646a3a2c27512b07a0c84428ced10606e28e248ecfcd8c2569d85d8

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments