MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2eb435f1d3884e0fce4447ac94965ffff4be5f6744cb35653330f5c980106f0e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: 2eb435f1d3884e0fce4447ac94965ffff4be5f6744cb35653330f5c980106f0e
SHA3-384 hash: 4c064a606d3912a0cfcf945ee27bce9c8af7a6c8f3e2cf5d84c5e4efe91ae28c9e1b46018f9acf57150ba53e6a925fd1
SHA1 hash: 98afd04a494dc7ec0c8a9093113a7354ed69f99e
MD5 hash: b6cf517388dab79e9d5127a1f866c4b5
humanhash: fillet-seventeen-pasta-solar
File name: OC_00059837.cab
File size: 759'698 bytes
First seen: 2021-03-10 08:43:51 UTC
Last seen: Never
File type: cab
MIME type: application/vnd.ms-cab-compressed
ssdeep: 12288:B4kdBYQFfDLMfk7wa2D8IhUy4G/4Sfq2tDhLJjWgFvj5/mwzUq55mqiUW+tQYxb5:NBYQFfwH8IhUyx/EijW0vdUqOUW+tpx9
TLSH: B2F42328340B6C29D1B7D73820EE2AD894E8B6EB3887505EE5591D1361E25C5223FFE3
Reporter: abuse_ch
Tags: cab HostGator


abuse_ch
Malspam distributing unidentified malware:

HELO: gateway32.websitewelcome.com
Sending IP: 192.185.145.122
From: Miguel Fernandez <contabilidad@corporacionup.com>
Subject: ORDEN DE COMPRA
Attachment: OC_00059837.cab (contains "OC_00059837.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 109
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Gathering data
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2021-03-09 20:45:17 UTC
AV detection: 6 of 47 (12.77%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
cab 2eb435f1d3884e0fce4447ac94965ffff4be5f6744cb35653330f5c980106f0e (this sample)

Delivery method: Distributed via e-mail attachment

Comments