MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6a4f1e26aca0da540e9fc296f2b9fef8817a7efda3a85e6fbf43305a5281239d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6a4f1e26aca0da540e9fc296f2b9fef8817a7efda3a85e6fbf43305a5281239d
SHA3-384 hash: 662faef0f3b093bc325155527508a278e8083d1a97ce7bc8d34f196e8a2628600eee45db5d378a2aa95cb9cc3b20ff5b
SHA1 hash: 51ab901e1431fc9248b6626dccf20419779e347f
MD5 hash: 273771c48f457808086af1586fa8fc70
humanhash: november-mexico-fanta-xray
File name:NewOrder2-pdf.rar
Download: download sample
File size:1'116'408 bytes
First seen:2020-10-08 12:23:33 UTC
Last seen:2020-10-08 12:23:43 UTC
File type: rar
MIME type:application/x-rar
ssdeep 24576:8WpOWs/vIYQPWQsatfJ8PQIckW7E6DsSHn3Fvra27UCyKlpZRc:/5s/vFMRlTv1vuMLfNq
TLSH 3335337251EB043B6C7F98DB8B6842D59473B622968857001733BC63536F2E2F8A5BC9
Reporter abuse_ch
Tags:rar


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: Core-Esw.Com
Sending IP: 45.137.22.52
From: Fadel Al Shanti <Mohamed.Nabawis@Core-Esw.Com>
Subject: NEW_ INQUIRY
Attachment: NewOrder2-pdf.rar (contains "NewOrder2-pdf.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6a4f1e26aca0da540e9fc296f2b9fef8817a7efda3a85e6fbf43305a5281239d/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-10-08 12:25:06 UTC
AV detection:
12 of 28 (42.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=njhr4jvmudnfidu7yklpfop67caxu7x5uouf4357imyfuuubeooq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/6a4f1e26aca0da540e9fc296f2b9fef8817a7efda3a85e6fbf43305a5281239d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar 6a4f1e26aca0da540e9fc296f2b9fef8817a7efda3a85e6fbf43305a5281239d

(this sample)

Executable exe 2acc1fa411a5aefa2ffbf78814683342ad0be18d2097c58eae1d01e8ade2b729

  
Dropping
MD5 e194979fe18d17eb643f3451539ed49b
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2acc1fa411a5aefa2ffbf78814683342ad0be18d2097c58eae1d01e8ade2b729
  
Dropping
SHA256 b6653e57f79216e1b607fc5bec5973e7d7cb10d781bb45588b741aa9533919a5
  
Dropping
MD5 fa66b47ff4b337d0d7363060bf1b757e

Comments