MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb87a82a7e72d67fe9650bf45b0989ba75da7837abc36ec9bbaeabe73b89fcd6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: bb87a82a7e72d67fe9650bf45b0989ba75da7837abc36ec9bbaeabe73b89fcd6
SHA3-384 hash: e2360e828a4c7133efcc4c59b6831060b4ee472c05b7e36d25f9ea2850f86ef4905589168a7f1762ed5553ab2f40da21
SHA1 hash: 39c3d0cc73814a478073eb0187f0b950ab76f8ae
MD5 hash: 507a92ca0aeba2922e2cd3c75bc0686a
humanhash: bulldog-batman-dakota-september
File name: e-dekont 1.rar
File size: 736'169 bytes
First seen: 2020-11-05 10:30:47 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:NCi0ojBqr4MmtgAzrxTyVv12rsLeqhbc4ZIK9gR/ZpF1BUJw6jjRzoBj9ngOO1Ym:r3DMm75wQsLeqa4ZIpRhH1BUJRjRzygl
TLSH: AFF423C7DDD857B179F56D2785693B8E023932FA8F01CB6082E7EC6029BD622CC67241
Reporter: abuse_ch
Tags: geo rar TUR ZiraatBank


abuse_ch
Malspam distributing unidentified malware:

HELO: srv1.demspor.com
Sending IP: 31.169.94.221
From: "ZIRAAT BANKAS" <ziraatbank@ileti.ziraatbank.com.tr>
Reply-To: "ZIRAAT BANKAS"<ziraatbank@ileti.ziraatbank.com.tr>
Subject: DEKONT
Attachment: e-dekont 1.rar (contains "gogogogo.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 88
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Strictor
Status: Malicious
First seen: 2020-11-05 10:17:10 UTC
AV detection: 7 of 48 (14.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar bb87a82a7e72d67fe9650bf45b0989ba75da7837abc36ec9bbaeabe73b89fcd6 (this sample)
Delivery method: Distributed via e-mail attachment
