MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f76d2ddf23320bee3f76fd2d4967e5b95b45674eaa690a5cbf7cb6e7ce66ad1e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f76d2ddf23320bee3f76fd2d4967e5b95b45674eaa690a5cbf7cb6e7ce66ad1e
SHA3-384 hash: af5b5b7929e6ae42908410cca86dbbca88ae92b155f98485e882ec1e58bff78afe4e29126d8e63ce2c3a6e42733535f9
SHA1 hash: edde9dd86a9f815c831f62b5b852c511815ba940
MD5 hash: 13584fb80edd408206024482b33027e4
humanhash: nineteen-venus-ohio-michigan
File name:WESMAC_PO from Omegabv.rar
Download: download sample
File size:259'846 bytes
First seen:2020-08-07 13:27:18 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:nMJMQ5KCNEyA/K7L8kS0liyV4/+SeklWgy+DQR3bRtvEnG74:M2QIUXrvliyV4mdEZsRTvr74
TLSH 444423DED25B8DF8DF7FCCF2B40B688E08F2CB2605D1B6C092A9419815B49A9FD50D64
Reporter abuse_ch
Tags:HostGator rar


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: gateway20.websitewelcome.com
Sending IP: 192.185.64.36
From: Van Dijk <sales4@chinaweinuo.com>
Subject: Re: ORDER OF GOODS_WESMAC_PO from Omega BV,
Attachment: WESMAC_PO from Omegabv.rar (contains "WESMAC_PO from Omegabv.com")

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f76d2ddf23320bee3f76fd2d4967e5b95b45674eaa690a5cbf7cb6e7ce66ad1e/
Threat name:
ByteCode-MSIL.Trojan.Hesv
Create hunting rule
Status:
Malicious
First seen:
2020-08-07 13:29:07 UTC
AV detection:
16 of 48 (33.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=65ws3xzdgif64p3w7uwusz7fxfnukz2ovjuquxf7ps3opttgvupa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/f76d2ddf23320bee3f76fd2d4967e5b95b45674eaa690a5cbf7cb6e7ce66ad1e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar f76d2ddf23320bee3f76fd2d4967e5b95b45674eaa690a5cbf7cb6e7ce66ad1e

(this sample)

Executable exe 28a945b0afb49fe99da8a39746a00b93c1a2c0d5b8735e11d8617bd696b2f199

  
Dropping
MD5 c1dd1199eff02d160e47cb7c8a4ad20f
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 28a945b0afb49fe99da8a39746a00b93c1a2c0d5b8735e11d8617bd696b2f199

Comments