MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ce8ca575299e642a92b4ad5f8f766704aeece8fece132037ac902fc94b992bc8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ce8ca575299e642a92b4ad5f8f766704aeece8fece132037ac902fc94b992bc8
SHA3-384 hash: 0f3f345cf0db6f151893ebc63cbfc7a8d22717415b58352b6330d6f530aacc6b2b6c9cea6ed3078c529ef518b758846a
SHA1 hash: 299f28db7dfbc25179e1c74c0d2f16ab0e01be12
MD5 hash: 18afcf2aa435c2bd187017766cb9994a
humanhash: johnny-foxtrot-north-venus
File name:NEW ORDER.exe
Download: download sample
File size:803'840 bytes
First seen:2020-06-04 04:22:33 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash fc4fc69b8aad99a4ba338f2ddc3b67cf (6 x RemcosRAT)
ssdeep 12288:sTLsqD0iSR50gLgzG/tixxBz4AvQFGXJuRgb4OOikh:sTo2SRugLvi5zJIMQRg
Threatray 5'233 similar samples on MalwareBazaar
TLSH D1059D62F7A044B7D1371B39DC0B9AB8A43BBD116D38554A26EABC0C9F362873537193
Reporter jarumlus

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 18:19:35 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=z2gkk5jjtzscvevuvvpy65thasxoz2h6zyjsan5msax4ss4zfpea._file
Verdict:
malicious
Similar samples:
0098bf2ef8230d9bb30b451868272ffb271fe63a8c248bfc9ce569991c19f279
08b47c6d183afb72f383ced4639ba73a03d9b36f06617585b3a3d28b69d1ce9f
179043e8eb7c06144c67f58b2c2900ad10303862c0e5cd7e1fe5a4faf853f103
2bd1995c8c2b3f35906807ce4697151cf801af339579cd7b86e467df6474dafa
5e76ddd6dfa4215c3dbd7269318d15a5e5fae698e65600df0aa3f16639d8fc44
9a1bbd02f1dc5ae62f13a00f38067354bf8a754e72e3ebee49a8b6aaa7b7e41f
9daa8e87928b88143b9482b989764524754c86d142027ccaad1fc452f52c1765
b1ab330d8407adbc0731fd66b869bca53515ccf732d1ad498515e5e04f993de4
b9cd83c667b694ec10f884183b138beeb0f986a7d3c50af463535852f2fa0663
e24de4c134736acb2b1342770c1a9d2402180f58b3c90c2c2bc06d85c6484760
+ 5'223 additional samples on MalwareBazaar
Result
Malware family:
modiloader
Create hunting rule
Score:
  10/10
Tags:
family:modiloader
Link:
https://tria.ge/reports/201109-9lwsxsk8pn/
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar 77f82641e154fb6f8f10205efb7e1dc1a8d724eed12d6eb4ab12b85f145d5788

Executable exe ce8ca575299e642a92b4ad5f8f766704aeece8fece132037ac902fc94b992bc8

(this sample)

  
Dropped by
MD5 38494c639074f3a33f471bc24793670a
  
Dropped by
SHA256 77f82641e154fb6f8f10205efb7e1dc1a8d724eed12d6eb4ab12b85f145d5788
  
Delivery method
Distributed via e-mail attachment

Comments