MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4037e5b24219d7adaa936d19be9d0d7b2c42385ff8242e011a9aa02094d24454. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4037e5b24219d7adaa936d19be9d0d7b2c42385ff8242e011a9aa02094d24454
SHA3-384 hash: 365de6c84a944d1d55f71e69f2f24d3a607cc93d320efc6424a531a0aa30fe2d0e3b031e17f1e80ae0c47b8f7a3683be
SHA1 hash: 8f395ce41c719a572ac0070dcc52d1900af6667b
MD5 hash: f1db0a2cf6c9d7698bad49f9bd619525
humanhash: alabama-blue-wyoming-green
File name:GAMESPORTSWEAR_20678.PDF.ISO
Download: download sample
File size:1'310'720 bytes
First seen:2020-08-12 15:56:11 UTC
Last seen:2020-08-12 15:56:23 UTC
File type: iso
MIME type:application/x-iso9660-image
ssdeep 24576:J18du03+l03+2LLixjWTbgsJAwqQn79d:/8du03+l03+S2xjAyQn5
TLSH 9C55D02473A59A23D23A3E36CA77551007B7BC63B539C31E6A8D73CE893439D4D107AA
Reporter abuse_ch
Tags:iso


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: atl4mhob18.registeredsite.com
Sending IP: 209.17.115.111
From: GameSportswear <greg@wilmingtontrophy.com>
Reply-To: pmperfect@protonmail.com
Subject: Invoice 20678 - 7/30/2020 GameSportsWears
Attachment: GAMESPORTSWEAR_20678.PDF.ISO (contains "GAMESPORTSWEAR_20678.PDF.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.RSharedStrings.17212.6809.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4037e5b24219d7adaa936d19be9d0d7b2c42385ff8242e011a9aa02094d24454/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-08-12 15:58:07 UTC
AV detection:
6 of 48 (12.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ia36lmscdhl23kutnum35hinpmweeoc77asc4ai2tkqcbfgsirka._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4037e5b24219d7adaa936d19be9d0d7b2c42385ff8242e011a9aa02094d24454

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

iso 4037e5b24219d7adaa936d19be9d0d7b2c42385ff8242e011a9aa02094d24454

(this sample)

Executable exe a25220d36761cb66dd0802e6bc007a963f4d6caea2f1cba85b078171766d6311

  
Dropping
MD5 5d6b01b87783fd49b95ee6570c69ad19
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a25220d36761cb66dd0802e6bc007a963f4d6caea2f1cba85b078171766d6311

Comments