MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fa5af35bd8e3ec9e11c57a29627f52df0722194f9f2477b403c2a3e487db0fce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: fa5af35bd8e3ec9e11c57a29627f52df0722194f9f2477b403c2a3e487db0fce
SHA3-384 hash: d285218fc5919dc14e34dbfe08020169ceb4a84e9373c1fd13079c88dd46f336b9d0690f3587fcc0364756187f410a98
SHA1 hash: dd1062c685ce6a4e0986dcd504fb41b483fb4d9a
MD5 hash: 04cbb1948670b197f0585a2589fb4988
humanhash: failed-blossom-asparagus-bulldog
File name: Ficha OMS - Reserva Medicos.rar
File size: 231'117 bytes
First seen: 2020-06-18 12:48:58 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:/QXUUr5+ViGa69ui0qVLwiuBlq9gg1cMAeXgSbyJ1lVO8:IXUUr5oiGL9TtFuDqGgCFEbyFVD
TLSH: 1B34236301670497E0724EF893E38568572DE4F1373282DCBB9A819D8928E82FF5D56F
Reporter: abuse_ch
Tags: rar


abuse_ch
Malspam distributing unidentified malware:

HELO: smtp-vm-badsender.pro-smtp.fr
Sending IP: 217.171.20.84
From: <bestcoreservations@outlook.com>
Subject: Solicitaçao de Reserva
Attachment: Ficha OMS - Reserva Medicos.rar (contains "Ficha OMS - Reserva Medicos.exe")

Unknown payload (PowerShell):
https://www.dropbox.com/s/z577d4qayfl3roh/Nv%20bolud.txt?dl=1

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-06-18 13:36:47 UTC
AV detection: 14 of 48 (29.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar fa5af35bd8e3ec9e11c57a29627f52df0722194f9f2477b403c2a3e487db0fce

(this sample)

  
Delivery method
Distributed via e-mail attachment
