MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df3564437efaa193ce7a7ff870d1888301820dda432dfb5c917c3caa54041508. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: df3564437efaa193ce7a7ff870d1888301820dda432dfb5c917c3caa54041508
SHA3-384 hash: 25b7f809319715e6d6c04c35dab87cc54fcfcf40b3655acf40f63fb86e0699b2a18fed36f1117e672780b42e139fff40
SHA1 hash: 9385fbf033e059f4772c83b3674c2f5d667e2c83
MD5 hash: 86829a39c1f61a02f5589befea5198d2
humanhash: lithium-network-nitrogen-early
File name: Enq No.BPC-9840117.cab
File size: 931'550 bytes
First seen: 2021-03-25 10:13:52 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 24576:CXFXTsbvBppRQMdpjCgrSMiWgmCOwdcmFU0ZCK:aIbnTZWguMFWTcmu0Zr
TLSH: EB15334EC5A4E203F6EEF3EE7AC3E6C8DDE3045FEA710072A605682E64F47352194522
Reporter: abuse_ch
Tags: cab


abuse_ch
Malspam distributing unidentified malware:

HELO: ir.uitn.ir
Sending IP: 185.2.13.217
From: Soroosh Borzoo <s.borzoo@ariatajhiz.com>
Subject: Enq No.BPC-9840117 / URGENT
Attachment: Enq No.BPC-9840117.cab (contains "Enq No.BPC-9840117.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 132
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.Generic
Status: Suspicious
First seen: 2021-03-25 10:14:08 UTC
AV detection: 8 of 48 (16.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar df3564437efaa193ce7a7ff870d1888301820dda432dfb5c917c3caa54041508 (this sample)

Delivery method: Distributed via e-mail attachment
