MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c9c755d0a8f2766199b47c7a53de2fb10164c4ddffa10b03e31d8bf4e7ee690. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5c9c755d0a8f2766199b47c7a53de2fb10164c4ddffa10b03e31d8bf4e7ee690
SHA3-384 hash: 3c824f746486f22dfaae4d073c776729fb5d06380a7d3c1fa5fc0c84c4874920414df202a2245dfaddec10c6f9926668
SHA1 hash: fda9d90fddbb798c1c02a5f87b5c4cbfaa6b7c06
MD5 hash: 2315f590587ee8a476f0f7352b821e21
humanhash: connecticut-march-mango-cup
File name:Pictures_logo jpeg jpeg jpeg.exe
Download: download sample
File size:154'816 bytes
First seen:2020-10-11 12:02:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'748 x AgentTesla, 19'643 x Formbook, 12'245 x SnakeKeylogger)
ssdeep 3072:VnBwVLd/em62htmMcn9qSLiwyQxm+njmP5mgxCUnnqQQm+T5OdrJ:VnBILd/tntaErH
Threatray 1 similar samples on MalwareBazaar
TLSH 22E361406125B52EB575C6F50777BC4B3AA0D1B12368F23DA4C82A4DD981D262B3BFCE
Reporter abuse_ch
Tags:exe Yahoo


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: sonic313-22.consmr.mail.ir2.yahoo.com
Sending IP: 77.238.179.189
From: optns_multechilink@yahoo.com
Reply-To: optns_multechilink@yahoo.com
Subject: Fw: Quote#CON-071720-EB
Attachment: Products_Pictures_logo_Designs_ pdf.z (contains "Pictures_logo jpeg jpeg jpeg.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
124
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/69829/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Launching a process
Creating a window
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/487688
Signature
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5c9c755d0a8f2766199b47c7a53de2fb10164c4ddffa10b03e31d8bf4e7ee690/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Suspicious
First seen:
2020-10-11 05:44:52 UTC
AV detection:
26 of 48 (54.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lsohkxikr4twmgm3i7d2kppc7mibmtcn375bbmb6ghml6tt642ia._file
Verdict:
unknown
Similar samples:
a85887d85d64f107d3801b3f7cd65b4d2e3d7ff742543162a8f087e52dac6607
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201011-39kwrggtl2/
Behaviour
Modifies system certificate store
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
5c9c755d0a8f2766199b47c7a53de2fb10164c4ddffa10b03e31d8bf4e7ee690
MD5 hash:
2315f590587ee8a476f0f7352b821e21
SHA1 hash:
fda9d90fddbb798c1c02a5f87b5c4cbfaa6b7c06
Link:
https://www.unpac.me/results/250d148f-7b15-4cb5-8e14-cee9f24b8cf2/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Dropper
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/5c9c755d0a8f2766199b47c7a53de2fb10164c4ddffa10b03e31d8bf4e7ee690

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip 9c35ed199fcf933ec7556da78c9e96e96dd327af53bc221dd004f0417c21a81a

Executable exe 5c9c755d0a8f2766199b47c7a53de2fb10164c4ddffa10b03e31d8bf4e7ee690

(this sample)

  
Dropped by
MD5 7fde122d4fa09f705805541e0eac62c8
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/69829/
  
Dropped by
SHA256 9c35ed199fcf933ec7556da78c9e96e96dd327af53bc221dd004f0417c21a81a

Comments