MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4a4791b8a8c8b47081402827f233094d57de97656de954e50d56fcb74bd2ee42. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4a4791b8a8c8b47081402827f233094d57de97656de954e50d56fcb74bd2ee42
SHA3-384 hash: b4ef29f082c0823f3bfc3db99e629b40cb3c93581195a13f3d13fff140a7a7ad570fdb6004e47e4d8636ec3acbdb2f0d
SHA1 hash: dae098555b801e543520ea9e0d9668c272d57cab
MD5 hash: 836e56c06f9dd761e2b1233e94c942d1
humanhash: magnesium-football-foxtrot-charlie
File name:QUOTATION.pdf.img
Download: download sample
File size:2'097'152 bytes
First seen:2020-08-05 08:41:40 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 24576:FEy8H2GBuJVJZbi3rs0BFgg3DuDbnD2nSVLadBP9NXKv6fYYt3nK4:FN8Xu1Zbi7nB13D0nDDVSddfYYt3nK
TLSH 7FA5BEC2F5409952CC694E3A8D23EA9443737D6AEF47971234C4BA2B79E34C79F31682
Reporter abuse_ch
Tags:img


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: adexec.com
Sending IP: 45.137.22.72
From: sales02@adexec.com
Subject: RE: Italia|| (PO)/Quote and Price list request
Attachment: QUOTATION.pdf.img (contains "Quotation.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Backdoor.MSIL.Bladabindi.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4a4791b8a8c8b47081402827f233094d57de97656de954e50d56fcb74bd2ee42/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-08-05 08:43:07 UTC
AV detection:
7 of 48 (14.58%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.65
Link:
https://yomi.yoroi.company/submissions/4a4791b8a8c8b47081402827f233094d57de97656de954e50d56fcb74bd2ee42

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

img 4a4791b8a8c8b47081402827f233094d57de97656de954e50d56fcb74bd2ee42

(this sample)

Executable exe e335934e2a17f9fcf2729d12601864af3c3820b7917e1a42e6c1cd2b9365f836

  
Dropping
MD5 7ab234c2e7d80d2fcc81b80df8181353
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e335934e2a17f9fcf2729d12601864af3c3820b7917e1a42e6c1cd2b9365f836

Comments