MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 70655c32c0aecbc327b091d01e2af49d7838bc78102c45738f2681c92c27a09b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 70655c32c0aecbc327b091d01e2af49d7838bc78102c45738f2681c92c27a09b
SHA3-384 hash: 437b1103a9043d358a6898872d7db227c38ad40d97750bcef669f381c23765f559706a7999e79a6aa0eef91f3cb27386
SHA1 hash: c30c88cce90c71d45d3dc4c10294c0854be6fee6
MD5 hash: 7b7ba66e47fcdc3b829344437d252ce9
humanhash: butter-minnesota-missouri-speaker
File name: Production order List Quotation.pdf.zip
File size: 239'877 bytes
First seen: 2021-01-15 15:58:00 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep 6144:jDlrLNikLdH6UHdiKXGAEgKlkRMntn89hea5l3:jDzvMUlzEgKlQu8ea5l3
TLSH 8F34137C324927A3C8B4371E993250BD966BDF5C24D34A073F281B687C1D2FC9A19AA5
Reporter: abuse_ch
Tags: zip


abuse_ch
Malspam distributing unidentified malware:

HELO: mx3.bangla.net
Sending IP: 203.188.252.14
From: Ms.Annette Sturm <br9631@bangla.net>
Reply-To: aggreko@emirates.net.ae
Subject: Fwd: Notice on the above Quotation and production order #
Attachment: Production order List Quotation.pdf.zip (contains "Production order List Quotation.pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 187
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2021-01-15 15:58:16 UTC
AV detection: 16 of 46 (34.78%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: zip 70655c32c0aecbc327b091d01e2af49d7838bc78102c45738f2681c92c27a09b (this sample)
Delivery method: Distributed via e-mail attachment
