MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ce549b23664282970b694193eef335fba1d71a64d06b81a1f3a3efe5cdafb9a3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: ce549b23664282970b694193eef335fba1d71a64d06b81a1f3a3efe5cdafb9a3
SHA3-384 hash: 357e4f4f4b0b1b3a57d3031778fb3449a571515024d7e174fb1084152e4d8eef9d40a60e77ec455d8aa65a9c1fd9b122
SHA1 hash: 4a92a30daeaf6b88effba8858522b10fcb477b6c
MD5 hash: fd4b00c77e04be20d2cf2ade0921797f
humanhash: beer-india-moon-carpet
File name: PURCHASE ORDER.daa
File size: 704'129 bytes
First seen: 2023-03-17 08:07:13 UTC
Last seen: Never
File type: daa
MIME type: application/octet-stream
ssdeep: 12288:lEF+bTV23+qb84khOBJQIXHIJrZ08kdGzfjOnXu4m7pDYpB/sTepj6KgdEWv9:jnY3+54u+b2r+dUCeFlUVpj6ZN
TLSH: T147E4338FC29B1BB6E4B1F0F46E4F68A22795048D94866534CB724D8CF12E92DCF79784
Reporter: cocaman
Tags: daa


cocaman
Malicious email (T1566.001)
From: "=?UTF-8?B?IiDlkajokpljYWl0bGluIg==?= <sales18@kingsunfoods.com>" (likely spoofed)
Received: "from kingsunfoods.com (unknown [185.222.57.76]) "
Date: "17 Mar 2023 05:28:21 +0100"
Subject: "Purchase order"
Attachment: "PURCHASE ORDER.daa"

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Threat name: Win32.Trojan.Zmutzy
Status: Malicious
First seen: 2023-03-17 06:43:51 UTC
File Type: Binary (Archive)
AV detection: 8 of 39 (20.51%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

daa ce549b23664282970b694193eef335fba1d71a64d06b81a1f3a3efe5cdafb9a3 (this sample)

  
Delivery method: Distributed via e-mail attachment
