MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c0d2ceba24c17b069ad6198e0ec0e041e6a39115172d52126d414d5ec0b00487. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: c0d2ceba24c17b069ad6198e0ec0e041e6a39115172d52126d414d5ec0b00487
SHA3-384 hash: c2582f7136a29170b6e3934f64dc473f7052d208c2637ff24dc9015baaffd57434c2c6329c94960e1dd608fe2129591c
SHA1 hash: 1290e6d4e4f58dd4beafb52f6f9944d37df95e62
MD5 hash: f6b04183d0a33551b69c70deac8f2efc
humanhash: zebra-purple-robin-social
File name: setup.exe
File size: 790'528 bytes
First seen: 2020-08-06 09:35:51 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 81fd276d49dcfb5944ab1253641f139e
ssdeep 12288:SDnvivRUO3vdMn3y132afS8FsDdF3eMb01JQntLOCO8ge1:SDKvj3k3yRFsf3emO8r
Threatray 2 similar samples on MalwareBazaar
TLSH 05F4422656D8B979E3F69B307FF252D3BB69BC523834CC0E11D503090969A42FDA076E
Reporter abuse_ch
Tags: exe Outlook


abuse_ch
Malspam distributing unidentified malware:

HELO: EUR04-DB3-obe.outbound.protection.outlook.com
Sending IP: 40.92.74.108
From: Michael Zinkl <mzinkl@outlook.de>
Subject: Fwd: test
Attachment: MLC Suite June 23 2019.zip (contains "setup.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Creating a window
Creating a file in the %temp% subdirectories
Sending a UDP request

Result
Threat name: Unknown
Detection: clean
Classification: n/a
Score: 6 / 100
Behaviour
Behavior Graph: n/a

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Executable exe c0d2ceba24c17b069ad6198e0ec0e041e6a39115172d52126d414d5ec0b00487

(this sample)

  
Delivery method: Distributed via e-mail attachment

Comments