MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3690d387e841f98e0a92a700196961b11b717b0f543e601d7e0f6c848cc77bbf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3690d387e841f98e0a92a700196961b11b717b0f543e601d7e0f6c848cc77bbf
SHA3-384 hash: 62bc425776776bbef96e488cf6c1af351fbcaa3c9fb9f09c20bab4efcf53c43cfa5eba9dc2b79ad718b77a88c72b8c99
SHA1 hash: fa41fc845474224b3cfcad734b6c1d9f1f2fdf3e
MD5 hash: 7c16338ec693eb53fe0de34622c0ca2b
humanhash: connecticut-november-arkansas-black
File name:SecuriteInfo.com.FileRepMalware.30186
Download: download sample
File size:111'616 bytes
First seen:2020-07-10 15:28:56 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 1536:0l/Nus4phrF6RY5BDgWLXqnm4HVxjInkWrO3o9vSoV:4w6RYDgWLMm4snkWrOISoV
Threatray 89 similar samples on MalwareBazaar
TLSH 01B36B0876808077D55B4639D8B39A40D776B80557F2E38F2FF9516B9F333A0AA3A325
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/24437/
Detection(s):
SecuriteInfo.com.FileRepMalware.30186.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
DNS request
Creating a file
Launching the default Windows debugger (dwwin.exe)
Sending an HTTP GET request to an infection source
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3690d387e841f98e0a92a700196961b11b717b0f543e601d7e0f6c848cc77bbf/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Suspicious
First seen:
2020-07-10 12:15:21 UTC
File Type:
PE (.Net Exe)
Extracted files:
4
AV detection:
29 of 48 (60.42%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
3ee692779441b3a14699edc0f9ad269c58281d5735c570a9468f077739db26dd
692dc7ac48dfa381cd7f860236876e3621af2e1dc984b8f14cad498e412e88d8
8a6b671ef4fc65efa1bd306da35f4bf2a18814d1ecf0f868ff2f27177fb37809
cfac75f3ee6ba6f7816e73908f679a7c185b12044580c1f6b0cbf41dfe74b0f7
d0e642197915ade19fb4c2df299063e49ed7f650e4b3b6ee90d4f0d626b900c3
dbbc9e640af23658de56eba2f5ec2152de38fa35f11343f0d2216b8b5d7967a8
e8406edde4743eec38d88fd58f2c79b11d09d76bcd57b757cdf5844ea5bd55e7
ed1a371e8918f6f1dde9fad1e3edb2c984ea3704217e2bca5b2489b61d1bc56e
ee5330d0a01cd004994c5798a3c0c09b160b560e6cdb3f2509b9af2431a0a8fd
f208226c60c95ee10f879f0f38ad9bf85a30fa411d6d20893e9ddaea5a0daf20
+ 79 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/200710-3jk7bj1hr2/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Legitimate hosting services abused for malware hosting/C2
Loads dropped DLL
Loads dropped DLL
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 3690d387e841f98e0a92a700196961b11b717b0f543e601d7e0f6c848cc77bbf

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/24437/
  
URLhaus
https://urlhaus.abuse.ch/url/410808/
  
Delivery method
Distributed via web download

Comments