MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3c5ef5423e281a468e9f0381327a9635f20626a98054e769fc08dd4270db01e4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 3

SHA256 hash: 3c5ef5423e281a468e9f0381327a9635f20626a98054e769fc08dd4270db01e4
SHA3-384 hash: 383eff7c79d164210f88fe36e68e1b71c1f7b87727b02c2c79c0c98fe3871376ef78cbb89a12824c563fac8694ba683d
SHA1 hash: 0a1c35f9dbc363be59988ff3e4ba23068a02d478
MD5 hash: 3cb00a681f5043794a10b9d713dedde4
humanhash: november-leopard-carolina-charlie
File name: wydipeq.msi.exe
File size: 696'320 bytes
First seen: 2020-07-01 19:12:45 UTC
Last seen: 2020-07-01 19:49:37 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 3dbf6c2cd2886e109ef90dcce86638b7 (5 x FormBook, 1 x NetWire, 1 x RemcosRAT)
ssdeep: 12288:Qe7+LHvP79bjBoxHyzKXAzgqGD4CdCIJuxd6Ur5IScz5ISF+gAuA1KzqrRUyqqjb:/q779bjBoAzKXAPC4BYX/ebP2Gcjc
Threatray: 5'248 similar samples on MalwareBazaar
TLSH: AAE4CF21B7D0953BDD5B1BB48C0F6AA86C267DA02E99584F3AF80CCE6B7D361342D153
Reporter: James_inthe_box
Tags: exe

Intelligence

File Origin
# of uploads: 2
# of downloads: 78
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-06-30 19:10:53 UTC
File Type: PE (Exe)
Extracted files: 31
AV detection: 26 of 29 (89.66%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: spyware persistence

Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: MapViewOfSection
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious use of SetThreadContext
Adds Run entry to start application
Checks whether UAC is enabled
Legitimate hosting services abused for malware hosting/C2
Reads user/profile data of web browsers

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other
