MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c1ee9d13967b67852dd52969749439771274e97d4779eb8fde14bdcbd71848a8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c1ee9d13967b67852dd52969749439771274e97d4779eb8fde14bdcbd71848a8
SHA3-384 hash: 2f7178a22abc388af3582c8e4e41cc66e23e7bd635b33b10c9da4551e18c8045809b8ecd3f8c2a77317a78c70fb57bec
SHA1 hash: 760c43fd57289053f0df8f38476c95653b71bcd2
MD5 hash: 1de9cd0cbc1f665b959ddb33b84a2d9a
humanhash: pennsylvania-black-oscar-moon
File name:Product List.gz
Download: download sample
File size:618'631 bytes
First seen:2021-04-08 15:49:49 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:lOp0vtl5kHtnxwILkDrEVyzhOqDC8YaOE+Uml5mV3xuuieM:aiT/EVyz3Jt/bhbM
TLSH AAD423EA568D0EFE7BE0736CFAE54D590D5D3080AFBF05A1B5A28D91DCE4D091B26300
Reporter abuse_ch
Tags:GoDaddy gz


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: p3plsmtps2ded01.prod.phx3.secureserver.net
Sending IP: 208.109.80.58
From: Francisco Rico - Cobra Sales <info@psicoalcala.es>
Reply-To: me <testing@bhavnatutor.com>
Subject: Requesting A Quote
Attachment: Product List.gz (contains "gunzipped")

Intelligence

File Origin
# of uploads :
1
# of downloads :
113
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Inject4.10371.11638.9156.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c1ee9d13967b67852dd52969749439771274e97d4779eb8fde14bdcbd71848a8/
Threat name:
Win32.PUA.Wacapew
Create hunting rule
Status:
Malicious
First seen:
2021-04-08 15:59:53 UTC
AV detection:
11 of 48 (22.92%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=yhxj2e4wpntyklovffuxjfbzo4jhj2l5i546xd66cs64xvyyjcua._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c1ee9d13967b67852dd52969749439771274e97d4779eb8fde14bdcbd71848a8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

gz c1ee9d13967b67852dd52969749439771274e97d4779eb8fde14bdcbd71848a8

(this sample)

Executable exe 49bc379defa69635c1d23bff9f7faf3721a2dba25c3035af862734c1c87a10f8

  
Dropping
MD5 c0c002d54d49f3bd1ddfa9f23560a710
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 49bc379defa69635c1d23bff9f7faf3721a2dba25c3035af862734c1c87a10f8

Comments