MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf1e9d1bb0b5d53567805b0e5f5a9e49b4c07799fd63d1617192f98a68d9a513. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bf1e9d1bb0b5d53567805b0e5f5a9e49b4c07799fd63d1617192f98a68d9a513
SHA3-384 hash: a4fff6bbf7111e6c0baa4039b95eff336e80c4f7600ca15559e085f2386f5c82cafaa4905bbc59db5347221beb13c5a3
SHA1 hash: 802caab2bd5c8db5c65ca24a89294b92e6719781
MD5 hash: b2d453597ac8589e040710df972d14ec
humanhash: seven-hydrogen-purple-nebraska
File name:purchase first Order PO_197612.lzh
Download: download sample
File size:13'189 bytes
First seen:2020-10-13 12:26:56 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 384:84t6+CIqg3Bk1ZEZ7c3wgP6xjtua3dF92b1SaE:7hBPSwgyxjR3Z2JSj
TLSH DC42D106C1F83683C87A3B59DE6F37FE42042E9853EA5D926C036DAB449583E03E7575
Reporter abuse_ch
Tags:lzh


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: 159556.MONOVM.COM
Sending IP: 193.239.84.249
From: Sales06 <aramaki@morisita-fastener.co.jp>
Reply-To: uttarabenz@gmail.com
Subject: Fw: Payment-Order_HT_20191129
Attachment: purchase first Order PO_197612.lzh (contains "amila4.0.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bf1e9d1bb0b5d53567805b0e5f5a9e49b4c07799fd63d1617192f98a68d9a513/
Threat name:
ByteCode-MSIL.Infostealer.Tepfer
Create hunting rule
Status:
Malicious
First seen:
2020-10-13 11:18:45 UTC
AV detection:
15 of 48 (31.25%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=x4pj2g5qwxktkz4almhf6wu6jg2ma54z7vr5cylrsl4yu2gzuujq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/bf1e9d1bb0b5d53567805b0e5f5a9e49b4c07799fd63d1617192f98a68d9a513

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip bf1e9d1bb0b5d53567805b0e5f5a9e49b4c07799fd63d1617192f98a68d9a513

(this sample)

Executable exe bf7094199eb4a7e05b0044219a88f7434532254174e6b6f087299f8deedbfb7a

  
Dropping
MD5 2f8f63f836491d3734a2dce297e3cbb6
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 bf7094199eb4a7e05b0044219a88f7434532254174e6b6f087299f8deedbfb7a

Comments