MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d9f60ff7459183f2c8952d79bf7c0c9cca38d6f17f55af7c13372f2b2a6409ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: d9f60ff7459183f2c8952d79bf7c0c9cca38d6f17f55af7c13372f2b2a6409ad
SHA3-384 hash: b9ddc37a593bbeca08d2a2baf96caf8e12473f8d252fc7b825145490ba4df94fafcfedf6da7de8408dac9bdd113913a9
SHA1 hash: 8dec3cb49f32a489b869df65b9dcdd9fa69dca62
MD5 hash: 4bc54f0b3709ff332b18c60240b141b4
humanhash: king-harry-connecticut-skylark
File name: QUOTATION.r13
File size: 874'901 bytes
First seen: 2020-11-07 09:56:58 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep 24576:C7HD6K6FV8H7p3a0Naa6Jg1fI9dq0Fo2IjVPFK:kH2RFAJa0Nt6JkheojjVNK
TLSH 7215339AAF4695CDC605BE224C083FC355E3A147BF6353C9BFC5624A695905023FB237
Reporter abuse_ch
Tags: r13


abuse_ch
Malspam distributing unidentified malware:

HELO: usa.dupont.com
Sending IP: 156.96.107.215
From: GREG BARDIN <gil.meyer@usa.dupont.com>
Subject: QUOTATION_ Order List (PO# 081927)
Attachment: QUOTATION.r13 (contains "QUOTATION.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 75
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.Trojan.DistTrack
Status: Malicious
First seen: 2020-11-06 17:01:37 UTC
AV detection: 17 of 29 (58.62%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
rar d9f60ff7459183f2c8952d79bf7c0c9cca38d6f17f55af7c13372f2b2a6409ad (this sample)
Delivery method: Distributed via e-mail attachment
