MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 517e1659c9d9ee4de266b3ade2d06965b670d17082ae2c2c97b4c694bb29152a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 517e1659c9d9ee4de266b3ade2d06965b670d17082ae2c2c97b4c694bb29152a
SHA3-384 hash: 890e39cd81b2366b9f0f0308b2531579bfc0fa0a69e31fb03dcfd16f9e02c66b3f17d36bbeb0efcd327dc0f9d1896eaf
SHA1 hash: 0912761334d559e01f160edc1236d65e45a336ef
MD5 hash: 2da54aeb1483be6de822764ce6156fbc
humanhash: stairway-one-football-tennis
File name: SecuriteInfo.com.Generic.HEUR.QVM18.1.C137.Malware.Gen.18862
Signature: n/a
File size: 667'648 bytes
First seen: 2020-05-20 23:02:48 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 1d88d597200c0081784c27940d743ec5 (5 x AZORult, 3 x RaccoonStealer, 1 x MBRLocker)
ssdeep: 12288:Q77QHZOIrWp2k7/aoYtDzrZTnJ8IsbLlgQRJ6gmqiolgkg1GpkoS:Q7E5Od7wtDXZJ8IsPl1Oqiolgk8Gp
Threatray: 613 similar samples on MalwareBazaar
TLSH: 81E423A4CA2F5E6DC609A5BC8E80B10543DBD54FC8F864FE81D871D47210B37897E6AB
Reporter: @SecuriteInfoCom

Intelligence


File Origin
# of uploads: 1
# of downloads: 75
Origin country: US
Mail intelligence
No data
Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-04-22 09:20:24 UTC
File Type: PE (Exe)
Extracted files: 86
AV detection: 19 of 31 (61.29%)
Threat level: 2/5
Result
Malware family: n/a
Score: 8/10
Tags: evasion persistence
Behaviour
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Drops file in Windows directory
Modifies service
JavaScript code in executable
Loads dropped DLL
Executes dropped EXE
Modifies Windows Firewall

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 517e1659c9d9ee4de266b3ade2d06965b670d17082ae2c2c97b4c694bb29152a (this sample)
Delivery method: Distributed via web download
