MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d1171d9a3aa5f8dba8882c81e2e4f8119f70e4caeb843ace18d09bb60b805cc7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: d1171d9a3aa5f8dba8882c81e2e4f8119f70e4caeb843ace18d09bb60b805cc7
SHA3-384 hash: bea8c55a1097e011b6a1475078af7932f2e202e3f0edf46d0c5e7f9b63e4d97429ee1636e779fbece824d07f65f7250d
SHA1 hash: c4b901a2ee383aecb80bfbf7eb63bd6a8ad61979
MD5 hash: 2ef0d4fbb92996d549d42605368e8f05
humanhash: yellow-illinois-harry-william
File name: Shipment address.zip
File size: 931'276 bytes
First seen: 2020-10-19 10:30:24 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:7B9tt6w8Fycm8cYewQH5N4H9N5/KaeAmTH1L56g8S+Pd2Y5FG6SZ:7n4Ftm8lQZeH9N5/KaVmT5Slj5Fg
TLSH: 44152302D3D422AFEE7B8DDDC3978DB774908971643495F828C88719F63BAE4023295B
Reporter: abuse_ch
Tags: zip


abuse_ch
Malspam distributing unidentified malware:

HELO: dd24812.kasserver.com
Sending IP: 85.13.146.44
From: Quality Engineering Products <info@badrenovierung-ehmann.de>
Reply-To: snambrath.almandoos@bk.ru
Subject: Re: Payments - October Invoices
Attachment: Shipment address.zip (contains "Shipment address.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-10-19 06:13:58 UTC
AV detection: 17 of 28 (60.71%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip d1171d9a3aa5f8dba8882c81e2e4f8119f70e4caeb843ace18d09bb60b805cc7

(this sample)

  
Delivery method: Distributed via e-mail attachment
