MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e85593d4b29a99360df37980d577953fb49658c8928e6b539fece53fda482ba6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e85593d4b29a99360df37980d577953fb49658c8928e6b539fece53fda482ba6
SHA3-384 hash: d32f2705e75da99afcab7bc8cb06b526e5f00e1d828a94be05be0d1d1b62926e28c70489ac57c99c3f101b53fabf082a
SHA1 hash: 7b6750c7a70453758c2a7bf4ef33a90c236a3407
MD5 hash: 6cd9ef4f8ddd73ef4a1bf16ebf1cfb2b
humanhash: louisiana-avocado-music-queen
File name:PO_201410.IMG
Download: download sample
File size:1'703'936 bytes
First seen:2020-10-16 10:31:35 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 24576:PHLmCiIhkInLL8/4xPvrKnOlupg2hJcjyIexrFETq:Yn/IPz7lcfJcjlexrFET
TLSH 3F750242F6C548B2D5721B312939AB116A7E7C202F34D69FB3DC796D9B321C26630B63
Reporter abuse_ch
Tags:img


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: slot0.gammadyn.ml
Sending IP: 173.82.88.70
From: Paulo Rick <info@gammadyn.ml>
Reply-To: info@gammadyn.ml
Subject: Sales Order
Attachment: PO_201410.IMG (contains "PO_201410.xls.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BackDoor.SiggenNET.5.27436.8753.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e85593d4b29a99360df37980d577953fb49658c8928e6b539fece53fda482ba6/
Threat name:
ByteCode-MSIL.Trojan.Ymacco
Create hunting rule
Status:
Malicious
First seen:
2020-10-15 18:55:11 UTC
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5bkzhvfstkmtmdptpgank54vh62jmwgiskhgwu475tst7wsifota._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AgentTesla
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e85593d4b29a99360df37980d577953fb49658c8928e6b539fece53fda482ba6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

img e85593d4b29a99360df37980d577953fb49658c8928e6b539fece53fda482ba6

(this sample)

Executable exe 8f605ce63b7211720f2a1ec7d951a11aa8073bdf8124788119b3b02a2cbb1cd9

  
Dropping
MD5 b52570858170ca3beac5f4737b4d559b
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8f605ce63b7211720f2a1ec7d951a11aa8073bdf8124788119b3b02a2cbb1cd9

Comments