MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 762d458b812f3c4f6e2ef34640b80a388164d4c52176f66cae164c1672acc428. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 9

Intelligence 9 IOCs YARA 8 File information Comments

SHA256 hash:	762d458b812f3c4f6e2ef34640b80a388164d4c52176f66cae164c1672acc428
SHA3-384 hash:	ffa57e6cd7a906b1ddcd32d6ad0ad702d574ddfd0661eb121c6b303ed7927f01c40fb47d26587a8988d39812964cc883
SHA1 hash:	9a3de45973f3b847ccd60e82328ea789e1ad7309
MD5 hash:	d76065f7dda5ee24e021a025f59561e5
humanhash:	fix-enemy-echo-spaghetti
File name:	WThack.exe
Download:	download sample
File size:	4'233'520 bytes
First seen:	2021-10-24 17:44:54 UTC
Last seen:	2021-10-24 19:14:24 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	1536:0r+s22Qz8X1nFhMHtfPJUHW81yyxQEXjA42Tc0vk3upGYcIesisbn2g3poIwG1ZF:0r+s2Cbs
Threatray	114 similar samples on MalwareBazaar
TLSH	T1B916F9187EDB62513CECD1F0BDAEAF4A703CFAB0A268EC09C918541F567B11A54E7C61
Reporter	JaffaCakes118
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

327

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

WThack.exe

Verdict:

Suspicious activity

Analysis date:

2021-10-24 17:39:41 UTC

Tags:

stealer

Link:

https://app.any.run/tasks/1a4d543d-2d07-4a0e-b461-9c3a6e2f7b5c

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/199681/

Detection(s):

SecuriteInfo.com.Trojan.PackedNET.531.6330.26555.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/ec937f06-09fe-449a-ad8e-97c19a2b8634

Result

Threat name:

Unknown

Detection:

malicious

Classification:

spyw.evad

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/875846

Signature

Antivirus / Scanner detection for submitted sample

Injects a PE file into a foreign processes

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/762d458b812f3c4f6e2ef34640b80a388164d4c52176f66cae164c1672acc428/

Threat name:

ByteCode-MSIL.Trojan.AgentTesla

Status:

Malicious

First seen:

2021-02-08 06:57:00 UTC

AV detection:

20 of 28 (71.43%)

Threat level:

5/5

Verdict:

malicious

3dc83821af5e8c315cfe4c710e603bf776e866f99f41532dd280d411bc103725

46450a5e309835d161d4e8d834835e46f8329885a7fca0d560226e526692b0f1

6cdefe842611b0f9fea4571bc07ff0de77740f440115852436f4afd1324e981a

702dc8fde667d79575a192cee0075d75b6c2266138896e529cdc08fdaaea440c

70b80a1a24d526e456893f0185550c15c3d914deaf8ebaa02d8817a15aa5bf80

7ea4937a54c4f1373be662d2a8c3bb4aa34faf25dff90318921bdc5a5853524c

cf333d7bb01d28a0a43127cd5c86c8fdfa390c03565bc30fca6ea49b1ef0b7b6

+ 104 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://tria.ge/reports/211024-wbqvbaegb2/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Unpacked files

SH256 hash:

a86d1f7cdd75ba79fba1a3077a7960dfef49f86ccd1f48dfd0ab5aeb61db849a

MD5 hash:

aba901cec4cb1c444b3cb953d1838406

SHA1 hash:

5d99ab7ac911f8e02c0a4d3441b749c0e5e1bfb7

Link:

https://www.unpac.me/results/42e0df6c-cb4d-48ed-8b00-f384fa54f996/

SH256 hash:

a3bae4009210a921a9a5d8c9e4b565124b26ae17aa597d9eb48543ecac0073b2

MD5 hash:

ea739e6a2035cbe335d9a659bbd6f9d3

SHA1 hash:

1e69e649fd531a457bf362d8815bfdb349bba894

Link:

https://www.unpac.me/results/42e0df6c-cb4d-48ed-8b00-f384fa54f996/

SH256 hash:

762d458b812f3c4f6e2ef34640b80a388164d4c52176f66cae164c1672acc428

MD5 hash:

d76065f7dda5ee24e021a025f59561e5

SHA1 hash:

9a3de45973f3b847ccd60e82328ea789e1ad7309

Link:

https://www.unpac.me/results/42e0df6c-cb4d-48ed-8b00-f384fa54f996/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/762d458b812f3c4f6e2ef34640b80a388164d4c52176f66cae164c1672acc428

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	INDICATOR_KB_CERT_0be3f393d1ef0272aed0e2319c1b5dd0 Create hunting rule
Author:	ditekSHen
Description:	Detects executables signed with stolen, revoked or invalid certificates

Rule name:	INDICATOR_KB_CERT_0be3f393d1ef0272aed0e2319c1b5dd0 Create hunting rule
Author:	ditekSHen
Description:	Detects executables signed with stolen, revoked or invalid certificates

Rule name:	pe_imphash Create hunting rule

Rule name:	pe_imphash Create hunting rule

Rule name:	Skystars_Malware_Imphash Create hunting rule
Author:	Skystars LightDefender
Description:	imphash

Rule name:	SUSP_XORed_URL_in_EXE Create hunting rule
Author:	Florian Roth
Description:	Detects an XORed URL in an executable
Reference:	https://twitter.com/stvemillertime/status/1237035794973560834

Rule name:	SUSP_XORed_URL_in_EXE_RID2E46 Create hunting rule
Author:	Florian Roth
Description:	Detects an XORed URL in an executable
Reference:	https://twitter.com/stvemillertime/status/1237035794973560834

Rule name:	with_sqlite Create hunting rule
Author:	Julian J. Gonzalez <info@seguridadparatodos.es>
Description:	Rule to detect the presence of SQLite data in raw image
Reference:	http://www.st2labs.com

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 762d458b812f3c4f6e2ef34640b80a388164d4c52176f66cae164c1672acc428

(this sample)

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/199681/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample