MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 43ed3081859def68a8b2ef50292e6d9dcbac7aea6ddb03de294fb9ed367c9f06. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 4

SHA256 hash: 43ed3081859def68a8b2ef50292e6d9dcbac7aea6ddb03de294fb9ed367c9f06
SHA3-384 hash: b3e3d7aa4a7fce6d5299cbaa4661e0f3c9e041af039cf9506f7167e9da4cc72703be4ec47dbdc26105c8edc5869e0a38
SHA1 hash: ae002b53b3e8a03e32a13237becb3a761063fa75
MD5 hash: d872b7acde76b814e30be1c43083d3d6
humanhash: magnesium-gee-nineteen-triple
File name: Ficha OMS - Reserva Medicos.exe
File size: 720'346 bytes
First seen: 2020-06-29 13:01:22 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 00be6e6c4f9e287672c8301b72bdabf3 (116 x RedLineStealer, 70 x AsyncRAT, 55 x AgentTesla)
ssdeep: 6144:e/fAhvV6B8ErzPZp5wdz753RSjpPBUH/U9xSln8Wgoy:efAv6B8azBwd+pPeH/0xSlnZgoy
Threatray: 263 similar samples on MalwareBazaar
TLSH: 85E43802AD8EC0A1D2211537D825F6FA362D6D270BF0B9CB77907F2BB5318C256B5B52
Reporter: abuse_ch
Tags: exe


Comment by abuse_ch:
Malspam distributing unidentified malware:

HELO: smtp-vm-badsender.pro-smtp.fr
Sending IP: 217.171.20.84
From: <reservationsdepartmentbestco@outlook.com>
Subject: Solicitação de Reserva
Attachment: Ficha OMS - Reserva Medicos.rar (contains "Ficha OMS - Reserva Medicos.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-06-29 13:03:10 UTC
AV detection: 26 of 31 (83.87%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: evasion spyware trojan

Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
An obfuscated cmd.exe command-line is typically used to evade detection.
Modifies system certificate store
Blacklisted process makes network request

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by: MD5 a1fe360460e452cadebca2113d11ac7a
This sample: Executable exe 43ed3081859def68a8b2ef50292e6d9dcbac7aea6ddb03de294fb9ed367c9f06
Delivery method: Distributed via e-mail attachment
