MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3cd034c889355d26c1d1b07ef9dedfb57bc4842bdc083fc5d9fc165d27b49319. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3cd034c889355d26c1d1b07ef9dedfb57bc4842bdc083fc5d9fc165d27b49319
SHA3-384 hash: 044d5bc76baf32bea457feac3114f30706abb4cb7346f4e774533363665c8822550fd177dfcc5db8396f9a1ca3930ac2
SHA1 hash: bb3a6c4e76035788af051f37e058b51f58eb42c9
MD5 hash: 9dc8e8926b693ac69ab4009b1f4eef11
humanhash: sweet-moon-emma-lemon
File name:SecuriteInfo.com.Mal.EncPk-APV.23905.18917
Download: download sample
File size:573'968 bytes
First seen:2020-08-04 17:57:31 UTC
Last seen:2020-08-04 18:29:17 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ab3ea6147cf30c3045e45f2bd2d3ac0e (8 x Quakbot)
ssdeep 12288:FtEMUvHKtJ+X6tkXbcv28lAqTVc2xrWyMQr:TEEtJqw+8lAUVcarWyxr
Threatray 409 similar samples on MalwareBazaar
TLSH A0C4DF147E311EF3D4220A735EB3D231EA5D1C28669584002FB4F66E3B36EAA5BC7D91
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
2
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
SecuriteInfo.com.Mal.EncPk-APV.23905.18917.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/409887
Signature
Contains functionality to compare user and computer (likely to detect sandboxes)
Contains functionality to detect virtual machines (IN, VMware)
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3cd034c889355d26c1d1b07ef9dedfb57bc4842bdc083fc5d9fc165d27b49319/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-08-04 17:59:05 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
00b6ac9409a35efd54cd1cfeade841d0be7f223364c0ae16ef2188bf06a4bb15
09c69b44ebee61c28b98a3d0df77fd22026da5a355e851f95164797537703521
2794656a18cb7899441cf3ed7678b282fc49a736b0dac62e304f185a13d3fe3e
39093e13c719696d510f790d601e904f7bdefa23f5bf1840bcd89496d972a4fc
652bb2096d56a3b060aa8647c7e5df367df5e126e88fc563ae79019ea430310e
6776f02bc6b2e01ae7e68d89438cc4f96d8cbb5b8268583a02f1c959ff5c330e
8c622a97fff3ca6668bef65dcbb0798c9e933317424f10d0f20b21b86f20d89c
a5a2de145e0dd369a8e1059d3530d89a366b494c8c1246f454f0b7eed6cfef82
b2e312a2690d59a2c3ad0520e0e60dd046fc66e039a0c24baf349e959e87b006
d26f7e7cee5db195c9509b1d5824b03e3fd74fa60b164a96be20300597d51c7e
+ 399 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200804-vt478vv6da/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Runs ping.exe
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3cd034c889355d26c1d1b07ef9dedfb57bc4842bdc083fc5d9fc165d27b49319

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/38890/

Comments