MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3c98384ee0d7c1e829ed8c59de31b70e6793fb3fc4511a0d01545a7dcfb2f3fb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

BlackShades

Vendor detections: 3


SHA256 hash: 3c98384ee0d7c1e829ed8c59de31b70e6793fb3fc4511a0d01545a7dcfb2f3fb
SHA3-384 hash: b2ea943dc0d5c469ad7d714fe8ff46709d76140115aa2bb29bcad2fd331ca02ad2bacc3e2165241de1cb940fdeba22c3
SHA1 hash: 1b601b64f055eec5fb2b6a68198b68d247d14373
MD5 hash: ca6effd7e3aa2fcf30afd9344913af29
humanhash: social-five-potato-april
File name: Partner Letter- DStv and GOtv Price Adjustment October 2020.pdf.zip
Signature: BlackShades
File size: 558'822 bytes
First seen: 2020-10-21 08:52:09 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep 12288:anC4EHy9tgTwZU3GQBsdn+sXW2Qmh+H6A0JED+/ZEJbBjWus6WtGb7:RRy9YwZU3LBOrXBlIH10JEC/CJbB8tGf
TLSH E3C4237FD66D2E51D33CCC96B6326757E0136E9844EF5EE0A7D864561C8B220EC820BE
Reporter: abuse_ch
Tags: BlackShades, RAT, zip


abuse_ch
Malspam distributing BlackShades:

HELO: standard9.doveserver.com
Sending IP: 209.205.209.34
From: Paga <service@mypaga.com>
Reply-To: Paga <PAGAA@mail.com>
Subject: Paga Price Adjustment Partner Letter
Attachment: Partner Letter- DStv and GOtv Price Adjustment October 2020.pdf.zip (contains "Partner Letter- DStv and GOtv Price Adjustment October 2020.pdf.scr")

BlackShades C2:
grace5321.publicvm.com:7171

Intelligence


File Origin
# of uploads: 1
# of downloads: 116
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Wacatac
Status: Malicious
First seen: 2020-10-21 06:57:27 UTC
AV detection: 22 of 48 (45.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

BlackShades

zip 3c98384ee0d7c1e829ed8c59de31b70e6793fb3fc4511a0d01545a7dcfb2f3fb

(this sample)

  
Dropping: BlackShades
Delivery method: Distributed via e-mail attachment
