MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 00add513540a700c1a3ec638576d80dd56f124d1fe030ae7d37ca06f791f3164. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Adware.Generic

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	00add513540a700c1a3ec638576d80dd56f124d1fe030ae7d37ca06f791f3164
SHA3-384 hash:	4b4331dd5e87861eb15d663958e6ad8c9a222bd1d827851c0efe413985d24eede1e6ad082d720689249c89088bbde918
SHA1 hash:	24b6cebd739015379f43b42eea3bd67bc54bc338
MD5 hash:	3dba528511b993ef57cd80d8ea26118b
humanhash:	floor-rugby-fanta-georgia
File name:	SOC_407092735.exe
Download:	download sample
Signature	Adware.Generic Create hunting rule
File size:	408'689 bytes
First seen:	2020-06-25 13:42:42 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	7c2c71dfce9a27650634dc8b1ca03bf0 (160 x Loki, 58 x Formbook, 55 x Adware.Generic)
ssdeep	12288:ManEAOsv4TTvef+Wi8yKxliSqeoxOqbiAd4:UAtGef+Wi8yoiL9iAO
Threatray	638 similar samples on MalwareBazaar
TLSH	95941253D26080D3D06343F094BE1FBA426BBD55685A170B83B23963397B7CB891F7A2
Reporter	James_inthe_box
Tags:	Adware.Generic exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

104

Origin country :

n/a

Vendor Threat Intelligence

Detection:

Blackrat

Link:

https://www.capesandbox.com/analysis/14369/

Detection(s):

Sanesecurity.Rogue.0hr.20200625-0908.UNOFFICIAL

PUA.Win.Downloader.Soft32downloader-6691270-0

SecuriteInfo.com.Artemis162931E90DCF.4593.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the %temp% directory

Creating a file

Creating a file in the %AppData% subdirectories

Launching a process

Creating a window

Transferring files using the Background Intelligent Transfer Service (BITS)

Enabling the 'hidden' option for recently created files

Moving a file to the %AppData% subdirectory

Using the Windows Management Instrumentation requests

Reading critical registry keys

Stealing user critical data

Unauthorized injection to a system process

Enabling autorun with Startup directory

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/00add513540a700c1a3ec638576d80dd56f124d1fe030ae7d37ca06f791f3164/

Threat name:

Win32.Trojan.Wacatac

Status:

Malicious

First seen:

2020-06-25 13:42:20 UTC

File Type:

PE (Exe)

Extracted files:

24

AV detection:

26 of 29 (89.66%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=acw5ke2ubjyaygr6yy4fo3ma3vlpcjgr7ybqvz6tpsqg66i7gfsa._file

Verdict:

malicious

Similar samples:

0e4c5cf2d1d60e4931c7af6021073006379935d688f5f55ad21fb29844d75a5a

0f24e222f76b19a0f1995c70e3711ab2b1c7e3f41c5e915796e767fce361e2e3

3c81bde8d413cadc04efa32c2754918d4a1a9c43a60181e7907cca8d31107826

581ccb74a37077703bcc314447ce7dfeec42832bad81225f1be6c214ca9bf51d

5c63c2887891a56e0465251c8112ce7a07fc70e782dbc2e80f45f670294d4285

5e23eed104a5bd67c8ae3abe1f3554abac8500bf9f916992df36246b06f14419

7ef7ff0660d406b237fd3253738d60a294c0273ca1436cf9ba87d5b2ea8d62d8

9f06ce1718cfa4e73366f82c9488b7a4aad4ddede7d7b3b51d44667607a3961c

c2f42cfcfafad77546d57cbfde6a6f4c1c75d684a81304d1ec901285b1873bd3

cfd29866a9e618985b15c779e0ac0ad8e09a9e997774c0d2fe18f00f8110a24a

+ 628 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/200625-ljgl3pj9g6/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Cape

Cape

https://www.capesandbox.com/analysis/14369/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample