MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cf873ff3054a91c050b0cb9871d0bfeebbe7ca98b18194be653170dab6d54423. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: cf873ff3054a91c050b0cb9871d0bfeebbe7ca98b18194be653170dab6d54423
SHA3-384 hash: b8b156c742c0b26405170f80ee3d357e9cdba64cb61ebc32e59cff441f76c17fe740ee03dcb0b414adc4b3dc2272001f
SHA1 hash: 2361c69b3d7794e10700f1da5c10ccc487a51eb1
MD5 hash: 762b08c6aa8bdf082a80f625b93bcede
humanhash: nevada-fifteen-berlin-wyoming
File name: Order Specs.Pdf.img
File size: 1'572'864 bytes
First seen: 2020-11-05 09:36:52 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:6QTCo386FXokHD18aTnVVMMY6LkZpgFI4dQ0:6e1htRJI6gDg
TLSH: D3759E21E1804833E173263F8C1B9265A9267FB13DB85C453BE43E7C6F79683782569B
Reporter: abuse_ch
Tags: img


abuse_ch
Malspam distributing unidentified malware:

HELO: vm1532797.3ssd.had.wf
Sending IP: 45.14.12.161
From: Ajfer <eissa@jbq-sa.com>
Reply-To: rasti_znaltd@mail.com
Subject: November Products Order
Attachment: Order Specs.Pdf.img (contains "Order Specs.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-11-04 15:47:55 UTC
AV detection: 18 of 48 (37.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
img cf873ff3054a91c050b0cb9871d0bfeebbe7ca98b18194be653170dab6d54423 (this sample)

Delivery method: Distributed via e-mail attachment
