MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e3abb34c91ba78305ba9b36de16d70d0b2fa4449edac683993c614dcbdc17fc1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e3abb34c91ba78305ba9b36de16d70d0b2fa4449edac683993c614dcbdc17fc1
SHA3-384 hash: 45fc68a2f1aff9e76473404fbc15881ce9b6afc694d912187ac378e129860b108138dd832a696f5b4520d8b5f6ea0ed9
SHA1 hash: 321d806bed43da13e6693986faa20f90f768c5dc
MD5 hash: 0e2de51d6360cfacfe82ae49eb35585f
humanhash: steak-ack-golf-hotel
File name:e-dekont.pdf.img
Download: download sample
File size:2'490'368 bytes
First seen:2020-10-20 11:50:56 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 24576:xOYQZ82fBszISWweJnlkTPPydKAFdk4Nk8iiMBYU92CW:xtqBo6ryuM6NRiiegC
TLSH 32B57C1BE7D282D2C460A7B953B88FF413B0DDCB3111AB7E16057AAC9EB3BC6250B155
Reporter abuse_ch
Tags:geo img TUR ZiraatBank


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: server.gmdsa.us
Sending IP: 31.214.245.90
From: ZIRAAT BANKASI <ziraat09@ileti.ziraatbank.com.tr>
Subject: e-dekont
Attachment: e-dekont.pdf.img (contains "e-dekont.pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Bulz.147311.30267.19598.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e3abb34c91ba78305ba9b36de16d70d0b2fa4449edac683993c614dcbdc17fc1/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-10-20 09:35:45 UTC
AV detection:
9 of 47 (19.15%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4ov3gterxj4daw5jwnw6c3lq2czpurcj5wwgqomtyyknzpobp7aq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e3abb34c91ba78305ba9b36de16d70d0b2fa4449edac683993c614dcbdc17fc1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

img e3abb34c91ba78305ba9b36de16d70d0b2fa4449edac683993c614dcbdc17fc1

(this sample)

Executable exe 1f1bc6a65867b976dd8cdc00b6519b60b4da65af780f1636c447e5ebca91da96

  
Dropping
MD5 eaf94a5859bed0571d3739d39429c198
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1f1bc6a65867b976dd8cdc00b6519b60b4da65af780f1636c447e5ebca91da96

Comments