MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 02965941d39eef787b6d2483095f7c5c6eec84a2a97ce4e85eee9e0e610506e2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 02965941d39eef787b6d2483095f7c5c6eec84a2a97ce4e85eee9e0e610506e2
SHA3-384 hash: abc98d51ec9751e104176d2d25baf95033f8e0a4c7f5b662867084691a1c0494d7a20e825b6d9a275df1054f4109eba0
SHA1 hash: cd09008ced86ef183c92bb95fedf358c83db903c
MD5 hash: d0fc2a763157c8a866a20d7be5ec1bb4
humanhash: green-sink-louisiana-nuts
File name: 4d31ae8690850b8b4e165b8eea9cd245
File size: 659'456 bytes
First seen: 2020-11-17 11:28:53 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: ca32bab49df47bdb3e6759b552f5673a
ssdeep: 12288:TURDKhCkOH5Tbkinwthnl9YIXQdrUirQQ8KJo45C/ER+oDy/q:Tt+H5TbknQMQSjQUoC/aDy
Threatray: 2 similar samples on MalwareBazaar
TLSH: F5E4E0523BA1C473C3637132CE924FA9A2B9F7A00E224A437FB55B1DDD7144D4A36E62
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 56
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file in the Windows directory
Creating a service
Launching a service
Creating a process from a recently created file
Running batch commands
Creating a process with a hidden window
DNS request
Sending an HTTP GET request
Creating a window
Sending a custom TCP request
Launching a process
Creating a file
Enabling autorun for a service
Result
Verdict: 0
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-11-17 11:29:33 UTC
AV detection: 23 of 28 (82.14%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: upx
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Checks processor information in registry
Modifies data under HKEY_USERS
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Drops file in Windows directory
Enumerates connected drives
Executes dropped EXE
UPX packed file
Unpacked files
SHA256 hash: 646d39a6ecf12029098802494725d8589635275e6c02340f0d3d38e63830a29c
MD5 hash: 37bcb1e4c481dcd855a25300e3440b8e
SHA1 hash: 26511b3ce4cd533fc575074eaf2ade672b30e24d
SHA256 hash: 02965941d39eef787b6d2483095f7c5c6eec84a2a97ce4e85eee9e0e610506e2
MD5 hash: d0fc2a763157c8a866a20d7be5ec1bb4
SHA1 hash: cd09008ced86ef183c92bb95fedf358c83db903c
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
