MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b0a271b752b19e04e073e63c8927358e15a4a314035cd32a1524e3abcc53a082. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b0a271b752b19e04e073e63c8927358e15a4a314035cd32a1524e3abcc53a082
SHA3-384 hash: 6fd523cb1a64ee9772ad0d87f3fbbb0a77f2498fac2ba548ea60feea4cde267840f9ed4606043b7c4cf5cdd879bd9380
SHA1 hash: 67a9c36bac5c02b75768ea9eee38ab79d8f7d092
MD5 hash: 92a636d278c4d158e558c49a59274188
humanhash: pasta-helium-nuts-shade
File name:First Deposit Payment pdf.7z
Download: download sample
File size:600'650 bytes
First seen:2021-04-22 05:48:36 UTC
Last seen:2021-04-23 13:31:35 UTC
File type: 7z
MIME type:application/x-rar
ssdeep 12288:8nC1hs8bBxES309TRCV4YNlg0GPHcd+d2AvuExNFR8DEXJHd:6D8bES3OdCV4Glg0GPxpz6EXJ9
TLSH 5BD4238B752484A8CD08BE3031E56EC1B8FC9154CC4B3236546B6336ABEEB97397572D
Reporter cocaman
Tags:7z


Avatar
cocaman
Malicious email (T1566.001)
From: "<sales@bz-united.com>" (likely spoofed)
Received: "from [62.113.202.77] (unknown [62.113.202.77]) "
Date: "22 Apr 2021 04:18:17 +0200"
Subject: "First Deposit Payment"
Attachment: "First Deposit Payment pdf.7z"

Intelligence

File Origin
# of uploads :
2
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.DrodRar-A.26587.5144.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b0a271b752b19e04e073e63c8927358e15a4a314035cd32a1524e3abcc53a082/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-04-22 02:13:33 UTC
File Type:
Binary (Archive)
Extracted files:
22
AV detection:
7 of 47 (14.89%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wcrhdn2swgpajydt4y6isjzvryk2jiyuanongkqvetr2xtctucba._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210422-hslwr6wrwx/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/b0a271b752b19e04e073e63c8927358e15a4a314035cd32a1524e3abcc53a082

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

7z b0a271b752b19e04e073e63c8927358e15a4a314035cd32a1524e3abcc53a082

(this sample)

Executable exe dacbe7aca7fdbfcae4a604018f5dc3e182709d5e8eb81a07a454ff376a6b9f25

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 dacbe7aca7fdbfcae4a604018f5dc3e182709d5e8eb81a07a454ff376a6b9f25

Comments