MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 56e2a716ae6fc8ed5c93d57954d0cbeedd5eb47baa263e1bf2d7c29003d08dfd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SystemBC

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	56e2a716ae6fc8ed5c93d57954d0cbeedd5eb47baa263e1bf2d7c29003d08dfd
SHA3-384 hash:	a9069d0c4600afe729b81d7c0ed8e57f423fe798991ee6d4d7145995a5577e002d8bd57f186ef8f3d6a5c2db4ef876ab
SHA1 hash:	08709f70f41c24f54774c38ded75de95c8f295e6
MD5 hash:	beecedc3f45407ae79e814bd6dbc51b2
humanhash:	triple-seven-uncle-steak
File name:	SecuriteInfo.com.Trojan.GenericKD.34489148.18152.26352
Download:	download sample
Signature	SystemBC Create hunting rule
File size:	152'576 bytes
First seen:	2020-09-08 12:54:24 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	fe37fae51b63f58d13b1ef683c805b1e (1 x SystemBC)
ssdeep	1536:CcTs7VGz3jvnzwthKAhfhKD2Yovg7VWJEQ36jBk2OttiHewykx/SMiLzm/xfWyHq:d8W/zTArpwxuIusDKMV8o2GDPPI2UVf
TLSH	C8E31A0031B5C009EAE80B705EE21638761DBDD8BA24574775A93F7DBFF32E25D1A42A
Reporter	SecuriteInfoCom
Tags:	SystemBC

Intelligence

File Origin

# of uploads :

# of downloads :

109

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/57889/

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.34489148.18152.26352.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Creating a file

Creating a process from a recently created file

Creating a process with a hidden window

Sending a custom TCP request

Enabling autorun by creating a file

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/56e2a716ae6fc8ed5c93d57954d0cbeedd5eb47baa263e1bf2d7c29003d08dfd/

Threat name:

Win32.Trojan.Wacatac

Status:

Malicious

First seen:

2020-08-20 11:32:51 UTC

AV detection:

22 of 29 (75.86%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=k3rkofvon7eo2xet2v4vjugl53ov5nd3vitd4g7s27bjaa6qrx6q._file

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/200908-peqb46lng6/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Drops file in Windows directory

Executes dropped EXE

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Kryptik

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/56e2a716ae6fc8ed5c93d57954d0cbeedd5eb47baa263e1bf2d7c29003d08dfd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

SystemBC

exe 56e2a716ae6fc8ed5c93d57954d0cbeedd5eb47baa263e1bf2d7c29003d08dfd

(this sample)

Cape

https://www.capesandbox.com/analysis/57889/

URLhaus

https://urlhaus.abuse.ch/url/455417/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample