MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 49df3157c1960ee545e7c93985eb105f07ae494dec6eb3c078e6cfec20f76709. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 49df3157c1960ee545e7c93985eb105f07ae494dec6eb3c078e6cfec20f76709
SHA3-384 hash: 0ed64d8b861052f3e46d4fdd88f97f7186b5e458da8f57278dd9c1fe6635d6464a1bac3b6a23a277d122c01e5cd98292
SHA1 hash: fe0e838b10c0f47be03d6784dcdbf676c4d9bc69
MD5 hash: 179a590228b033b751cbb2c9ab4a438e
humanhash: four-kitten-helium-alpha
File name: R810235126_FCR Forwarder Cargo Receipt - Draft.zip
File size: 1'817'839 bytes
First seen: 2021-01-07 14:04:51 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 49152:vCIdvEAMgtV3pEHYKApakLDJ0GQOctt8wyiYCTe7E:vdEAJtVZEHYbpXpFQOctt5y9CTe7E
TLSH: 7585339FAC4FB1C6AD9AD2EE8EB17DF3D0705551E9E1090F3E0291CCD0140E684B7A6A
Reporter: abuse_ch
Tags: zip


abuse_ch
Malspam distributing unidentified malware:

HELO: mail.internethouse.host
Sending IP: 5.189.220.56
From: Angela.Hsu@expeditors.com <admin@internethouse.host>
Subject: Walmart OEM 01/09 結關 1*40ft 出貨通知單 (PO#4500004880) SO#3002 DATA - Revised
Attachment: R810235126_FCR Forwarder Cargo Receipt - Draft.zip (contains "R810235126_FCR Forwarder Cargo Receipt - Draft.scr")

Intelligence


File Origin
# of uploads: 1
# of downloads: 129
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2021-01-07 14:05:08 UTC
AV detection: 10 of 44 (22.73%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 49df3157c1960ee545e7c93985eb105f07ae494dec6eb3c078e6cfec20f76709 (this sample)

Delivery method: Distributed via e-mail attachment
