MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c82e474e76b1641ab73aafe25ebe9f509a27997a3d4e76015c5eabca15acdc63. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: c82e474e76b1641ab73aafe25ebe9f509a27997a3d4e76015c5eabca15acdc63
SHA3-384 hash: 023315049116440baedb356268a398edd5476e7fcc79d6c0e42f01b37c27d995a545019fe33136dbbff45cf5950a4290
SHA1 hash: 6e3a4701d83d60e703c5641ce209a3cc61875bb1
MD5 hash: 3c409356f954ac50a25de19954bbf681
humanhash: green-violet-harry-ink
File name: Factura de pago.exe
Signature: n/a
File size: 817'152 bytes
First seen: 2020-06-30 17:55:02 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 175f794d98c9dcb0b47ae1ab1087c22c
ssdeep: 12288:q1JUuXUn6wUN4KSgqJ6wWska30/jgrTfz8BYnKFvkpzoMTK9tzxbz/sGqh:6OPXUWD6wEc0bp8RoMTKTN8
TLSH: A1057D22E2F28837D1732A788D5BB395B83ABE103D7858467BE50D485F396417C352AF
Reporter: @abuse_ch
Tags: exe


Twitter
@abuse_ch
Malspam distributing unidentified malware:

HELO: redrilsa.com.pe
Sending IP: 23.83.133.74
From: contadora <tsocial.ehuaroc@redrilsa.com.pe>
Subject: Re:Factura de pago
Attachment: Factura de pago.arj (contains "Factura de pago.exe")

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 36
Origin country: US

CAPE Sandbox
Detection: Phoenix
Link: https://www.capesandbox.com/analysis/17503/

ClamAV
PUA.Win.Adware.Slugin-6803969-0
PUA.Win.Adware.Slugin-6840354-0
SecuriteInfo.com.Trojan.Delf.FareIt.Gen.4.12257.1718.UNOFFICIAL

CERT.PL MWDB
Detection: n/a
Link: https://mwdb.cert.pl/sample/c82e474e76b1641ab73aafe25ebe9f509a27997a3d4e76015c5eabca15acdc63/

ReversingLabs
Status: Malicious
Threat name: Win32.Trojan.Injector
First seen: 2020-06-30 17:56:06 UTC
AV detection: 26 of 31 (83.87%)
Threat level: 5/5

Spamhaus Hash Blocklist
Suspicious file

Hatching Triage
Score: 8/10
Malware Family: n/a
Link: https://tria.ge/reports/200630-dc8lpcqb92/
Tags: spyware

VirusTotal
VirusTotal results: 41.10%

Yara Signatures


Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: MAL_Envrial_Jan18_1
Author: Florian Roth
Description: Detects Encrial credential stealer malware
Reference: https://twitter.com/malwrhunterteam/status/953313514629853184

Rule name: win_404keylogger_g0
Author: Slavo Greminger, SWITCH-CERT, Daniel Plohmann <daniel.plohmann<at>fkie.fraunhofer.de>

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by: MD5 c739d17137f6c4434b8c46909967f4ca
Delivery method: Distributed via e-mail attachment

Comments