MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c3500dd35a63507c98f28f8cb93920fb632e8b46b903662e941001666fa27dcf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c3500dd35a63507c98f28f8cb93920fb632e8b46b903662e941001666fa27dcf
SHA3-384 hash: 225b3495e0f08ef9b02b6b455dae833bcf0947b1cc3cc3c080e2549d6cdbfc5ef06f54cb1a81a61d9db6dbe0c514203c
SHA1 hash: 4392876faefdc20bdebbbd82e06f77fb92e4ee40
MD5 hash: bfd9cf7043b7490b13a60d4c10612677
humanhash: hamper-delta-king-nineteen
File name:DHL Tracking.zip
Download: download sample
File size:328'556 bytes
First seen:2020-12-28 17:39:34 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:+VmC4cBrHRrhX1q4GJA9fmHt/VCSK3hw1l0bk0uJQMo0y+lqKHTonkVybDYRhH:mmC4cx5e4YA9fmN/chINOMo08qknHvYv
TLSH 5564236C554A1F4F2CDD28FD9B13E15A03D81AF726447440AE8FB3F7D05A282EE5B90A
Reporter abuse_ch
Tags:DHL zip


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: server.ninja-host.com
Sending IP: 5.189.132.239
From: DHL Customer Service<info@iccl-eg.com>
Reply-To: <fedny2016@gmail.com>
Subject: Re: DHL Invoice attached !!!
Attachment: DHL Tracking.zip (contains "DHL Tracking.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
162
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c3500dd35a63507c98f28f8cb93920fb632e8b46b903662e941001666fa27dcf/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-12-28 17:40:07 UTC
AV detection:
19 of 46 (41.30%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ynia3u22mnihzghsr6glsoja7nrs5c2gxebwmluucaawm35cpxhq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c3500dd35a63507c98f28f8cb93920fb632e8b46b903662e941001666fa27dcf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip c3500dd35a63507c98f28f8cb93920fb632e8b46b903662e941001666fa27dcf

(this sample)

Executable exe 43ca8605af17f08bd6e9dc30aa7ab1d206d501160040e5a8a085f46d2e01f2c9

  
Dropping
MD5 8c5e74cc1b2e3add30fbc32df07f9735
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 43ca8605af17f08bd6e9dc30aa7ab1d206d501160040e5a8a085f46d2e01f2c9

Comments