MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 29b10facf712978e41161daf15235a8d74ef5cf16318a5887e39ee1e8cff297b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 29b10facf712978e41161daf15235a8d74ef5cf16318a5887e39ee1e8cff297b
SHA3-384 hash: b80ae906899cdf9593887d95535067d42ff37ceba898fce1da9416fc9c711b30ffcc03fdffd8e564f457c6f4602ed1d3
SHA1 hash: 961eabe1417dc9d63500495802ee6270f91b65bf
MD5 hash: 9470a9352692316c6bd03972c34f5535
humanhash: sink-alpha-hydrogen-music
File name: 7bc05142b6afea3d83f1de2797fef663
File size: 2'865'752 bytes
First seen: 2020-11-17 11:34:28 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: baa93d47220682c04d92f7797d9224ce (139 x RiseProStealer, 26 x Xtrat, 18 x CoinMiner)
ssdeep: 49152:65kDYGltMgFmwej0eabBGfR7QqERkzRIyl+27:qioRdSbBmVZp7
Threatray: 1 similar samples on MalwareBazaar
TLSH: 80D53326FF711E99C8BF1E7429D2006B172964029BFDCB17E18A7A6B8F729540B0D34D
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 57
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Searching for analyzing tools
Searching for the window
Creating a file in the %temp% subdirectories
Reading critical registry keys
Delayed writing of the file
Delayed reading of the file
Deleting a recently created file
Creating a window
DNS request
Stealing user critical data
Threat name: Win64.Trojan.Wacatac
Status: Malicious
First seen: 2020-11-17 11:35:56 UTC
AV detection: 18 of 48 (37.50%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: discovery spyware
Behaviour
Checks processor information in registry
Suspicious use of FindShellTrayWindow
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Checks BIOS information in registry
Reads user/profile data of web browsers
Unpacked files
SHA256 hash: 29b10facf712978e41161daf15235a8d74ef5cf16318a5887e39ee1e8cff297b
MD5 hash: 9470a9352692316c6bd03972c34f5535
SHA1 hash: 961eabe1417dc9d63500495802ee6270f91b65bf
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other
