MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bcd72ed7eaa6f32678274f099ec215089ec4c3bd7dcf8739662ab83216741515. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: bcd72ed7eaa6f32678274f099ec215089ec4c3bd7dcf8739662ab83216741515
SHA1 hash: a3ff88dbc6acbd551cfcc53ed2f7516f59dab66d
MD5 hash: b46d6141b9de26d4ca502fde75248389
File name: Missing Invoices.zip
Signature: n/a
File size: 39'038 bytes
First seen: 2020-05-23 07:26:25 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:6/U64ffeGQCYctWVpE4B5FY9PhWk3AmG5R/0Mab5mODjz0wQhKBv5cJR/dd5x:u7Of2ItQE4VkPhWk45R/0cOvz0wQhK2r
TLSH: 4103F14CF4FC072CAB50695720DDC3669FA64071C6FE93B05638B04BB0D96E6A6B35E2
Reporter: @abuse_ch
Tags: NjRAT RAT zip


Twitter
@abuse_ch
Malspam distributing njrat:

HELO: thror.xzopiahosting.com
Sending IP: 80.76.219.45
From: Una Tormey <joanne@automationcontrolsltd.co.uk>
Subject: Invoice 56493 from O.K. finboroughschool
Attachment: Missing Invoices.zip (contains "Missing Invoices.jar")

Unknown RAT C2:
37.221.113.68:5551

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 21
Origin country: US
ClamAV: SecuriteInfo.com.JS.Trojan.Cryxos.3726.3374.878.UNOFFICIAL
ClamAV: SecuriteInfo.com.JS.Trojan.Cryxos.3726.136.30804.UNOFFICIAL
VirusTotal: Virustotal results 32.76%
ReversingLabs: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
zip bcd72ed7eaa6f32678274f099ec215089ec4c3bd7dcf8739662ab83216741515 (this sample)
Dropping: njrat
Delivery method: Distributed via e-mail attachment

Comments