MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3a2495dd16c49fd1eb91952b892b97cc564f5241cec81dc1a6d87cea0f6310bd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3a2495dd16c49fd1eb91952b892b97cc564f5241cec81dc1a6d87cea0f6310bd
SHA3-384 hash: 674b8f6c439ba54f29fd0d14fa8ef9db555b5b9b34435044a3d20ac08c43f7e8ff459258e6ebd6658d267b89af3dcd2a
SHA1 hash: d90d49a7dce8a3fcbdc71b98a9803b8fe10549e6
MD5 hash: f7b96ddfc093194e5ec1929fb00eb954
humanhash: skylark-eleven-spaghetti-cold
File name:SecuriteInfo.com.Generic.mg.f7b96ddfc093194e.8953
Download: download sample
File size:4'032'000 bytes
First seen:2020-07-06 04:38:59 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 82cabf42569bf13b89077ab6e5158bbe
ssdeep 98304:q8SuGl2evqJv+UMoHP/yYluE18YVVWXCvr/MIOhkwftA2AY6y:qzJbyJaoHP6YluE1dz/MnhWDY6y
TLSH 3816335072878DB3F288053491365AE54FA2DC38975956E7AFA83B2C2FB13C1CE77249
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
SecuriteInfo.com.Generic.mg.f7b96ddfc093194e.8953.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Using the Windows Management Instrumentation requests
Launching a service
Running batch commands
Creating a process with a hidden window
Launching the process to change the firewall settings
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3a2495dd16c49fd1eb91952b892b97cc564f5241cec81dc1a6d87cea0f6310bd/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-07-05 22:24:29 UTC
AV detection:
29 of 31 (93.55%)
Threat level:
  5/5
Verdict:
unknown
Result
Malware family:
n/a
Score:
  10/10
Tags:
evasion trojan persistence discovery
Link:
https://tria.ge/reports/200706-8r4mwgk8p6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Creates scheduled task(s)
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Creates scheduled task(s)
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Drops file in Windows directory
Drops file in Windows directory
Modifies service
Adds Run entry to start application
Checks for installed software on the system
Checks for installed software on the system
Adds Run entry to start application
Loads dropped DLL
Loads dropped DLL
Modifies Windows Firewall
Executes dropped EXE
Executes dropped EXE
Drops file in Drivers directory
Modifies Windows Firewall
Modifies boot configuration data using bcdedit
Modifies boot configuration data using bcdedit
Windows security bypass
Windows security bypass
Suspicious use of NtCreateUserProcessOtherParentProcess
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/20769/

Comments