MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 500be83e6624af2302e45bc91e026b776d72824cf84896839e03251c41394110. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 500be83e6624af2302e45bc91e026b776d72824cf84896839e03251c41394110
SHA3-384 hash: 76516d3948c7d41a03c0e42551650242ce8af2323584295f0c8cd22464c6eb961c156d6ec53614935ee2aa318034dce9
SHA1 hash: e5a5d416b8cc683a0f49ea60f0d69d263302c692
MD5 hash: 50df13aa7a05034da481f7631505ea2d
humanhash: fifteen-lactose-lactose-mississippi
File name:SecuriteInfo.com.Mal.Cerber-AL.19698.22980
Download: download sample
File size:356'696 bytes
First seen:2020-06-16 20:44:35 UTC
Last seen:2020-06-17 13:59:53 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 2e4a345a5d1e9efd0e126a4dddc51cd1
ssdeep 6144:bRCPH0oTIgJ2DdZcu/hHnWyUIDIsRgOraq6Ix1QDlKt0:bcbT3acuIyEPOraC1QDlKS
Threatray 63 similar samples on MalwareBazaar
TLSH B674D011B38F502FEC86A77251B287920D7AACB30A7D859AD59178FE24F4470A131BDF
Reporter SecuriteInfoCom

Code Signing Certificate

Organisation:UGOJZBQWZRJMHEMMPH
Issuer:UGOJZBQWZRJMHEMMPH
Algorithm:sha1WithRSA
Valid from:Jun 16 09:36:13 2020 GMT
Valid to:Dec 31 23:59:59 2039 GMT
Serial number: 473FD1F772940F8E4517C4B9ED4A96E7
Thumbprint Algorithm:SHA256
Thumbprint: 6A9E7DBF3BA1F5356DEB7BC4BFCABF4BD6CE97C67517857CACAD6D02FBF0BCFD
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
2
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/11078/
Detection(s):
SecuriteInfo.com.Mal.Cerber-AL.19698.22980.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-06-16 20:46:04 UTC
File Type:
PE (Dll)
Extracted files:
35
AV detection:
22 of 31 (70.97%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
07b339201b9b88b2f43d68584a102fe3c84ab0393e5869357c0b8d08367cc291
11d14048cb74288cda1a77e860fb1a9f0b150e33f10080cce8f691c9c4e949e8
3110ca3a3f271be4e055a24fb49ae3f35646cea6f99d356ea6672a3f705dcbb5
4655c0216538f752dea2ce1649807d597cd83a935f1385bdd8f418616de97b68
5f68e13f8bf051e68782ba9f3d67555b3b8ca8d8b06b9d6b98c5c45c7217b1e3
9bd1a0c0564ae97f2b7c62d392fe749fe2459e1b0f16e2aa0625547b411d1a7a
af428d745dcd02eddb036ee2dbba01665b5331493ba16344f5fa1b0bb1aaa616
df24b965e541f833d891035d6413afa250824f0961dcd6080732b175d3057495
e894ace959ac95fda393105d2905b0668ad93781c04be83f9f41fdf38edc1cbc
f8bcbdcee35ecafe53c58b8a35bf93db799e7a42136ecb7332d636745744c400
+ 53 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery evasion trojan
Link:
https://tria.ge/reports/200624-sv62zs7b3a/
Behaviour
Suspicious use of WriteProcessMemory
Checks for installed software on the system
Checks whether UAC is enabled
Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DLL dll 500be83e6624af2302e45bc91e026b776d72824cf84896839e03251c41394110

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/392909/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/393804/
Cape
Cape
https://www.capesandbox.com/analysis/11078/

Comments