MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0af8b2d74efa0d23f12b04984c7079a9723835c1b2d3e5961118e95158188163. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: 0af8b2d74efa0d23f12b04984c7079a9723835c1b2d3e5961118e95158188163
SHA3-384 hash: f5ef6ba995590857e87d9a7c4c20631716eb4d08087a7698e20c73f73f1075b64b6008d73b671abbd53934311e320ff3
SHA1 hash: 3f121953142223d1add7479fe6c3552d4dcf1d0a
MD5 hash: 9b520817de28d7b5f427e3dda88028a0
humanhash: august-oxygen-paris-beer
File name: voice_message02100.img
File size: 2'883'584 bytes
First seen: 2022-04-29 10:38:45 UTC
Last seen: 2022-04-29 11:09:28 UTC
File type: img
MIME type: application/x-iso9660-image
ssdeep 49152:Auq4dJ0yTRzz/z4H+xaJuU39Y+3n0R9E:Auq4L7FHaJPf0Ra
TLSH T160D5E02075339E36EAA305B28EBBD55D562CAC8903D534DB93C8E85F0A349E12F35C5E
TrID 99.4% (.NULL) null bytes (2048000/1)
0.2% (.ISO) ISO 9660 CD image (5100/59/2)
0.2% (.ATN) Photoshop Action (5007/6/1)
0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
0.0% (.ABR) Adobe PhotoShop Brush (1002/3)
Reporter cocaman
Tags: img


cocaman
Malicious email (T1566.001)
From: ""karschcapital.com - voicemail system" <mashburn@driggstitle.com>" (likely spoofed)
Received: "from web01.hostingformule.cust.rootnet.nl (web01.hostingformule.cust.rootnet.nl [185.173.21.81]) "
Date: "Mon, 25 Apr 2022 16:36:11 +0000"
Subject: "You have a new message from someone in your phonebook"
Attachment: "voice_message02100.img"

Intelligence


File Origin
# of uploads: 3
# of downloads: 181
Origin country: n/a
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: control.exe greyware overlay packed
Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.Witch
Status: Malicious
First seen: 2022-04-25 18:22:08 UTC
File Type: Binary (Archive)
Extracted files: 13
AV detection: 12 of 42 (28.57%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

img 0af8b2d74efa0d23f12b04984c7079a9723835c1b2d3e5961118e95158188163 (this sample)

Delivery method: Distributed via e-mail attachment

Comments