MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c44ed219732b0cb05516166bb29c06de357d5e4bfe6f80fae0c331f1c3ae0549. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: c44ed219732b0cb05516166bb29c06de357d5e4bfe6f80fae0c331f1c3ae0549
SHA3-384 hash: 046b0683792325e4d15c10e10953d134f690b9e860c4978461e350502ce700f5956b87011916e9fa4b031bbd91c6c104
SHA1 hash: 4b95a06d17a9dd0316e4520ab65e9d357e46ce88
MD5 hash: 46a23ad458ad240f017b38719236f7ca
humanhash: orange-six-queen-seven
File name: BL COPY.r00
File size: 840'138 bytes
First seen: 2020-12-17 08:32:05 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 24576:cHvhrqGwIJGQx/6UHibA/4JFL3R0uFT9lIgyq:cPJcQsSomGFFVTbj
TLSH: 9205338CD496BB97F2AA7F275E49C868FE6C98027D4872CFD0C5C89B8E3755103017A8
Reporter: abuse_ch
Tags: r00


abuse_ch
Malspam distributing unidentified malware:

HELO: webmail.cyber.net.pk
Sending IP: 203.101.175.37
From: Sajid Zahid <orrdig5@cyber.net.pk>
Reply-To: pramod@novusgreen.in, orrdig5@cyber.net.pk
Subject: B/L DRAFT FOR PI-344// Sales Contract for 4 fcl Urad FAQ 2020 Crop_ANIL RAMCHANDRA PUROHIT
Attachment: BL COPY.r00 (contains "BL COPY.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 77
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-12-17 08:33:05 UTC
AV detection: 9 of 48 (18.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

r00 c44ed219732b0cb05516166bb29c06de357d5e4bfe6f80fae0c331f1c3ae0549 (this sample)
Delivery method: Distributed via e-mail attachment

Comments