MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1189875ad06a5651cbe824997ea5955c222ef6c7f25f479151b12beebd04f9bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1189875ad06a5651cbe824997ea5955c222ef6c7f25f479151b12beebd04f9bf
SHA3-384 hash: 8b4d3278b4b83fb0528b6946d67a4ed0d65c3fbf93f825c34fef268c2604a5c63f1bcfe6e16c230af4cc818432efefd9
SHA1 hash: 197ac057066c88f8095c90fddbb1ccacd222ac9d
MD5 hash: a15d3aecf6b4bda56a931e02c1f0d3b8
humanhash: wisconsin-mirror-fish-ten
File name:Crypt.exe
Download: download sample
File size:11'767'296 bytes
First seen:2020-11-24 08:12:23 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ff0442450ba91b0d3f62cdbfd451b056
ssdeep 196608:ewXpXFcVeSvmNnbWp7abRoUXcPAO4XIomA3H3qET:ewFPnbkabRokcPAO4XIom2bT
TLSH 89C633C37515282DC890DAF4336D77D8DEAF312247EA7F086CA909479C58FBA6C5E062
Reporter Anonymous

Intelligence

File Origin
# of uploads :
1
# of downloads :
117
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/545776
Signature
Machine Learning detection for sample
PE file contains section with special chars
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 321983 Sample: Crypt.exe Startdate: 24/11/2020 Architecture: WINDOWS Score: 48 15 Machine Learning detection for sample 2->15 17 PE file contains section with special chars 2->17 6 Crypt.exe 1 2->6         started        process3 process4 8 WerFault.exe 20 9 6->8         started        11 conhost.exe 6->11         started        file5 13 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 8->13 dropped
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1189875ad06a5651cbe824997ea5955c222ef6c7f25f479151b12beebd04f9bf/
Threat name:
Win64.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-11-24 08:13:06 UTC
AV detection:
11 of 29 (37.93%)
Threat level:
  5/5
Verdict:
malicious
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/201124-5p1dfjcwbe/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
1189875ad06a5651cbe824997ea5955c222ef6c7f25f479151b12beebd04f9bf
MD5 hash:
a15d3aecf6b4bda56a931e02c1f0d3b8
SHA1 hash:
197ac057066c88f8095c90fddbb1ccacd222ac9d
Link:
https://www.unpac.me/results/1522c449-b602-4a5e-8e58-8c5e78ecdb33/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.46
Link:
https://yomi.yoroi.company/submissions/1189875ad06a5651cbe824997ea5955c222ef6c7f25f479151b12beebd04f9bf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments