MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0f488f6ff9a753cd65659bdc4375e15acdaba307bcad4c775643aedc6cf07b1b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 0f488f6ff9a753cd65659bdc4375e15acdaba307bcad4c775643aedc6cf07b1b
SHA3-384 hash: e68164df20971ae27dd2e09ce10ff668af54e7f4bc3dad3035894f0979c106774124a3c9ec631578f459cf9e0f81ae4c
SHA1 hash: 1f8d2dd4299e8976b49fc77e94badd684b6d1c8e
MD5 hash: f2d6753dff86ad0f530789f575d0bc12
humanhash: island-skylark-uranus-nine
File name: Bank Swift.gz
File size: 251'431 bytes
First seen: 2020-12-03 08:55:12 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 6144:+IhKByoR5RWg3t5o7B60TL1Ybx9e9UTIpOLLu7o:+IhKBy2Rl0TL1YbTTIpoLu8
TLSH: 3934234342C4B389AC4571EB2BD152AF4E919CA51A75A3404E4C8D49E98EF6FFC62EF0
Reporter: abuse_ch
Tags: gz


abuse_ch
Malspam distributing unidentified malware:

HELO: bizjournals.com
Sending IP: 185.222.57.177
From: SON LEE <mthomas@bizjournals.com>
Subject: Fwd: Re:Re : TT transfer payment slip
Attachment: Bank Swift.gz (contains "Bank Swift.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 104
Origin country: n/a
Vendor Threat Intelligence
Result: Gathering data
Threat name: Win32.Trojan.Wacatac
Status: Suspicious
First seen: 2020-12-03 08:56:05 UTC
AV detection: 19 of 48 (39.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
gz 0f488f6ff9a753cd65659bdc4375e15acdaba307bcad4c775643aedc6cf07b1b (this sample)

Delivery method: Distributed via e-mail attachment
