MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ef5f87f88b8c1ad0d9c477a38b34a159c2fbfe3a26d4ab93752fb89d7d1624cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Emotet


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ef5f87f88b8c1ad0d9c477a38b34a159c2fbfe3a26d4ab93752fb89d7d1624cd
SHA3-384 hash: 817d7c1468ab4b0e26665af05613b43b54c1f720d197bb2291f56fe6d3eb283c9b81aeb0712f2359dee64d0a3d36e0e6
SHA1 hash: 1d7dfd8216616cc786c9dacc1525a5bdcbc695a7
MD5 hash: e38e829ae5ad0b36eff814f1e6b5d80e
humanhash: alanine-missouri-earth-yellow
File name:ORDER06JUL2020.zip
Download: download sample
Signature Emotet
Create hunting rule
File size:632'989 bytes
First seen:2020-07-07 09:07:35 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:B4FMZ0hDMoy4XRfrUqwv61vLtHJw5mywXC3iDYNi8Gwj9QPGDmjBk5:tf6BfrZwv619NHuisQpeYRjBK
TLSH DCD423B82738239D9A7A9AAD5F082DCEF4708579CB9752709329FCB37730C516211C7A
Reporter abuse_ch
Tags:Emotet zip


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mgit.mgit.me
Sending IP: 198.57.188.152
From: Purchasing <junu@archtsqatar.com>
Reply-To: dh_derhawk@126.com
Subject: Re:RE:REF#200816:C1090068 R21-441450
Attachment: ORDER06JUL2020.zip (contains "ORDER06JUL2020.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.Win32.Herz.B.18879.21615.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ef5f87f88b8c1ad0d9c477a38b34a159c2fbfe3a26d4ab93752fb89d7d1624cd/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-07 09:09:07 UTC
AV detection:
31 of 48 (64.58%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=55pyp6elrqnnbwoeo6rywnfblhbpx7r2e3kkxe3vf64j27iwetgq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Emotet

zip ef5f87f88b8c1ad0d9c477a38b34a159c2fbfe3a26d4ab93752fb89d7d1624cd

(this sample)

Emotet

Executable exe 5c9b22633bb9c7f20fcd928e0093ac5debd1dabd7f42daa479725b5f2db38e91

  
Dropping
MD5 d15eff3ce503230404b143cbe4a9d84b
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5c9b22633bb9c7f20fcd928e0093ac5debd1dabd7f42daa479725b5f2db38e91

Comments