MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8c6fe81df56d72c68cc024b1f0fd2cfff15d5357532e095715c2ee5112f5bf5f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8c6fe81df56d72c68cc024b1f0fd2cfff15d5357532e095715c2ee5112f5bf5f
SHA3-384 hash: 2d7496ecadd1fc5b2df569574682fdb064114b53aceb6c92f0fc1f0ccedacc35c46d4a4970dcf08588230157acd25cdd
SHA1 hash: 417af58eed8cf5d669e1069adc7ba12bb0ba18ed
MD5 hash: 16b80fc3a749a2c4a0cd9b23225ae106
humanhash: edward-april-minnesota-kansas
File name:Payment_Invoice.zip
Download: download sample
File size:930'355 bytes
First seen:2020-10-19 09:54:17 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:D8s6rfIsjtv2HUIzixVlziF7uC1GEFbImqr7Nt:D8skAm4ziNm71GEt2/H
TLSH 37153347700F6D07AA3659D9C4EF9C28751A00F158A3A7D1065C0FA6ACF77EE49E87E0
Reporter abuse_ch
Tags:zip


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: dd48220.kasserver.com
Sending IP: 85.13.164.135
From: Quality Engineering Products <christiane.helf-marx@akadia-akademie.de>
Reply-To: snambrath.almandoos@bk.ru
Subject: Re: Payments - October Invoices
Attachment: Payment_Invoice.zip (contains "Payment_Invoice.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.2231.19551.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8c6fe81df56d72c68cc024b1f0fd2cfff15d5357532e095715c2ee5112f5bf5f/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-10-19 05:08:51 UTC
AV detection:
5 of 48 (10.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rrx6qhpvnvzmndgaesy7b7jm77yv2u2xkmxasvyvylxfcexvx5pq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8c6fe81df56d72c68cc024b1f0fd2cfff15d5357532e095715c2ee5112f5bf5f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 8c6fe81df56d72c68cc024b1f0fd2cfff15d5357532e095715c2ee5112f5bf5f

(this sample)

Executable exe c169469e2e32039ff3830a8e17bad2444a876e96935b6d925cb2d07353c804c5

  
Dropping
MD5 b26cdef5f715b872df099b0184dc004d
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c169469e2e32039ff3830a8e17bad2444a876e96935b6d925cb2d07353c804c5

Comments