MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1111af42e570b1bbd9f3b4459839938ddc253c94defe06cbcfe188fe4352d844. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 1111af42e570b1bbd9f3b4459839938ddc253c94defe06cbcfe188fe4352d844
SHA3-384 hash: f5c6428d779e079ab1bb97fcf024c1dc2596203140ef8443ab80a74ecc4e9edda57cab0839097f88c3921caab7db8a61
SHA1 hash: c444c647072f78cc602ea7a1f3b8b6219e091aef
MD5 hash: 715dbce2c805c6dc46cabc3d9c6ddfed
humanhash: king-indigo-romeo-stream
File name: NEW OFFER No PO_821557.Doc.z
File size: 688'660 bytes
First seen: 2020-10-14 15:12:12 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 12288:g1MIQX9O6aUl7cJE3srtxwn/7JSW453T1hYR5+/ZTM8QomLL4G+p45fsimWBHqVp:MMjNO6/z3MxcjJZ453g5E6ZYGyEdBoea
TLSH: 11E433ED70550770DD0468066FAB8FDE5B2964B4CB8C01977FE388C6A2B3DB4096867B
Reporter: abuse_ch
Tags: z


abuse_ch
Malspam distributing unidentified malware:

HELO: webmail.cyber.net.pk
Sending IP: 203.101.175.37
From: MANAGEMENT <javaid@cyber.net.pk>
Reply-To: Ericgillis60@gmail.com
Subject: NEW OFFER No PO_821557
Attachment: NEW OFFER No PO_821557.Doc.z (contains "76gJAocUSVCetXw.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-10-14 00:44:32 UTC
AV detection: 12 of 29 (41.38%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

z 1111af42e570b1bbd9f3b4459839938ddc253c94defe06cbcfe188fe4352d844 (this sample)

Delivery method: Distributed via e-mail attachment

Comments