MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c9d248df48f74f94727027117400b04ee9feafc6fc4ad0bb206d0b52fb2172d9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

XpertRAT
Vendor detections: 3

SHA256 hash: c9d248df48f74f94727027117400b04ee9feafc6fc4ad0bb206d0b52fb2172d9
SHA3-384 hash: 5578a1f3867fd6ded17afe038371a51ae57032ed2f17c06333c4150f4e2221e29a2b857f2330b160ca8c4b287f0a84d9
SHA1 hash: d8d2ead29935f12c3de584e22b35798c6da96c59
MD5 hash: 2a07e6b07892e979c0660cf5fa8c25a2
humanhash: uranus-sad-oklahoma-ink
File name: ES174028911-035110-sanlccjavap0004-1_pdf.gz
Signature: XpertRAT
File size: 418'140 bytes
First seen: 2020-11-09 16:13:21 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 12288:uEgQdWFgGKsSfODuKIzZCH/uy6RcD9KWNSjR/Lcog:BgQIFmfuLW8H6o9KNRzcog
TLSH: B39423A8F93EBAB880B475BD403BCFA9D7E46154D76811CE8CA1FDEA58A04738E4540D
Reporter: abuse_ch
Tags: ESP geo gz


abuse_ch
Malspam distributing unidentified malware:

HELO: lnx002.plus4web.com
Sending IP: 80.93.214.55
From: Grupo Santander <fycout@gruposantander.es>
Subject: Notificación de demora de remesas.
Attachment: ES174028911-035110-sanlccjavap0004-1_pdf.gz (contains "ES174028911-035110-sanlccjavap0004-1_pdf.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 98
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Signature: XpertRAT
File type: gz
SHA256 hash: c9d248df48f74f94727027117400b04ee9feafc6fc4ad0bb206d0b52fb2172d9 (this sample)

Delivery method: Distributed via e-mail attachment