MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5fc42d8d65da12afe624f5b959b3318a808fe18640d497fa5ed7530748e7935a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 5fc42d8d65da12afe624f5b959b3318a808fe18640d497fa5ed7530748e7935a
SHA3-384 hash: e7fada022f0136aa624f66ab13c8199aa2666d9db9f1048c0e53021570d10c25e1936b27b8d1bf6436db997df9eabd23
SHA1 hash: 0d4c9859019a1003b95275ceb13115b59e72eac4
MD5 hash: 7c7109fedfa66ef03c705e5520c2c526
humanhash: echo-three-monkey-robin
File name: SecuriteInfo.com.Variant.Graftor.762671.31489.5331
File size: 2'444'800 bytes
First seen: 2020-06-22 20:44:47 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 62f27e6b1132696cd1828d2cb2125e6e
ssdeep: 49152:4xZE0z3gQDaBS2u2asHOXT5jrNGrYRHhBkkuCaStgL:4xZE0zpMNLaoOtjpGkRHduCaSt
Threatray: 15 similar samples on MalwareBazaar
TLSH: F4B5332953324E22C6D15C78372EEA2EACB3EF71EFB0549B7257D5869F672587080243
Reporter: SecuriteInfoCom

Intelligence


File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-06-22 20:46:05 UTC
AV detection: 25 of 29 (86.21%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: spyware
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Delays execution with timeout.exe
Suspicious use of NtSetInformationThreadHideFromDebugger
Looks up external IP address via web service
Reads user/profile data of web browsers
Deletes itself
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
