MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b1f5ffd320c1fb94287dee8ca8861124e87c0421a10fdc579409343f36c8743a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: b1f5ffd320c1fb94287dee8ca8861124e87c0421a10fdc579409343f36c8743a
SHA3-384 hash: f42c8a7e6b26afec93aae412edf682f883a5087bee41fdb35e004924cae4fad72062c83d6ea9227f8a69f41da465a8e2
SHA1 hash: c604fab3edfcf2060456d031456167a6468d98c2
MD5 hash: 1964039e13d3f14907359c3ffae2413c
humanhash: undress-connecticut-mountain-chicken
File name: Proforma Invoice.r15
File size: 350'312 bytes
First seen: 2021-03-30 12:19:20 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:Vc6hqx2xGQ1iyRj/t01VEBYE55n0lHj3m7o4+CvyUF75goqtNOmtiWyPpVquZ:Vc6wx2xF1i+/ODAYEL4D3UvyUFtcHiO4
TLSH: 327423660A7780C0E36B88D8A7EE7D1FAE85D9DA67EEC117B210D5844F98C03B1570F6
Reporter: abuse_ch
Tags: r15


abuse_ch
Malspam distributing unidentified malware:

HELO: smtp-gw.fpcci.org.pk
Sending IP: 124.29.202.102
From: Finance Manager <sales@c-accts.info>
Reply-To: Finance Manager <madinet.t.c@gmail.com>
Subject: Proforma Invoice
Attachment: Proforma Invoice.r15 (contains "Proforma Invoice.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 98
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Packed.Generic
Status: Suspicious
First seen: 2021-03-30 12:20:08 UTC
AV detection: 7 of 48 (14.58%)
Threat level: 1/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar b1f5ffd320c1fb94287dee8ca8861124e87c0421a10fdc579409343f36c8743a (this sample)

Delivery method: Distributed via e-mail attachment
