MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ddb52a975d84855c94a8355cb9cf2374af6ded30ee7bf7672b1bdb99112afc8f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: ddb52a975d84855c94a8355cb9cf2374af6ded30ee7bf7672b1bdb99112afc8f
SHA3-384 hash: 1e3c0a8eae50db672ba9c77a9c33da5a9f6700d2cda1dd78e5d1d98386ab38aa8513cd779712e7c2052a19ee211df543
SHA1 hash: 98897d2bbe21dcdbef1a615e2e68ce723640cc7a
MD5 hash: 745b62e8b57f78df556b001059eb9655
humanhash: stream-lactose-bravo-edward
File name: Procedure_001132.rar
File size: 6'255'048 bytes
First seen: 2020-10-22 06:27:13 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 98304:qaoyrfXrFDAJYlXBiLe4uVHa/GPqevZg08OJQCNh4hEpApAMbn+Hmgl6vHpN9YSm:ptr/rCkRiK4uV6/GP3vZt/Nh4hyGALmy
TLSH: 6156331F3CAA5170E773A2B12A555F43131948E33BCD203B3BC5226C99DF849DD2A9A7
Reporter: abuse_ch
Tags: rar


abuse_ch
Malspam distributing unidentified malware:

HELO: mail1.xcxicheng.com
Sending IP: 159.65.152.153
From: kpantinas@globalization-partners.com
Reply-To: stephen_button022@outlook.com
Subject: 5000 BTC available for sale with 5% discount using daily market price urgent buyers ONLY.
Attachment: Procedure_001132.rar (contains "ulti_final.scr")

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Calliope
Status: Suspicious
First seen: 2020-10-21 22:16:45 UTC
AV detection: 20 of 29 (68.97%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar ddb52a975d84855c94a8355cb9cf2374af6ded30ee7bf7672b1bdb99112afc8f (this sample)

Delivery method: Distributed via e-mail attachment
