MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7f5f68e3163fd4aae367b129dc4d519000905b78d66e6933e7b091053eadd98f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Fantom


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7f5f68e3163fd4aae367b129dc4d519000905b78d66e6933e7b091053eadd98f
SHA3-384 hash: c5724284bafd6465f1158533c3c5a362a779f32768a4f44ca0167aba879a65fcb98cef753582535207c118bb838de05c
SHA1 hash: 6d694480b797108730f412a82778c6bc2962baae
MD5 hash: 4ce60eb5ec944d8088c64f7a3a998cbe
humanhash: yankee-four-fruit-apart
File name:c3ZydHJ6
Download: download sample
Signature Fantom
Create hunting rule
File size:123'392 bytes
First seen:2020-10-06 11:48:21 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 3072:u1uJoCGsy/koEW8ewZCZ+uS101dE7jrEn2qIA:u4vPQZp5yjP
Threatray 34 similar samples on MalwareBazaar
TLSH A1C3292A7B44CF20E51C1477C1DF552807F0AD932AB2E79B3E99339D09063E76D08ADA
Reporter JAMESWT_WT
Tags:Fantom

Intelligence

File Origin
# of uploads :
1
# of downloads :
161
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/68574/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Creating a file in the %temp% subdirectories
Launching the default Windows debugger (dwwin.exe)
Blocking a possibility to launch for the Windows Task Manager (taskmgr)
Setting a single autorun event
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/482707
Signature
.NET source code contains method to dynamically call methods (often used by packers)
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Disables the Windows task manager (taskmgr)
Drops executable to a common third party application directory
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7f5f68e3163fd4aae367b129dc4d519000905b78d66e6933e7b091053eadd98f/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-09-29 22:23:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0d179277dc17521d3f9668838ddc6cfe818f72ef5691c123443b9442295d90ff
Fantom
1aca49752cef2bb58d097e0ac96963e32f14e4e6b1e6e24e11125d1e9ef54cf2
Fantom
6ec6d3425cc3bdc664f5938119469a2947ad061dac33fafbd303998c9311a254
Fantom
70f8a912b0343b177f6c04ea6a642dd85f68044728e5481e86cfe8311ed86e21
Fantom
72146e890efa1de6ee90e445ceb11ad9dc3b053fa5e82757756a393ee4617a77
Fantom
733036ae8101048351d1cf684fe1bc02c1cf7a70725a470bec7cbd59a602738b
Fantom
e874283490ec44e6cad0729867ee2441d0eb80d76b615455babebc7f5d4ec452
Fantom
f41d910195a48409a0d7047fa3e9d2d62b19361c92f8f2f045d9a4ba7a0e869e
Fantom
f9b03c723f0707c47dc00e0d77ac55559d2cd07cd6b38a67126e535068ca05dc
Fantom
fe3e525b56aaa99c9716eb9a4b7a1884e8b1f35d38388268f627485532f25d60
Fantom
+ 24 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
evasion persistence
Link:
https://tria.ge/reports/201006-wqcc29bydj/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Adds Run key to start application
Deletes itself
Disables Task Manager via registry modification
Unpacked files
SH256 hash:
7f5f68e3163fd4aae367b129dc4d519000905b78d66e6933e7b091053eadd98f
MD5 hash:
4ce60eb5ec944d8088c64f7a3a998cbe
SHA1 hash:
6d694480b797108730f412a82778c6bc2962baae
Link:
https://www.unpac.me/results/7a970d5e-889f-4a97-b303-cd7b9149661c/
SH256 hash:
6c30d99321ee9bc94a3340ec3ba25b936f32a8f94a22939b4a279faf5ccd6688
MD5 hash:
42cdf6f92731f7f4112c85d0008107ff
SHA1 hash:
5a41212cf62868c3f2562e4dedb48a75888c4bb6
Link:
https://www.unpac.me/results/7a970d5e-889f-4a97-b303-cd7b9149661c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7f5f68e3163fd4aae367b129dc4d519000905b78d66e6933e7b091053eadd98f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
X
https://twitter.com/malwrhunterteam/status/1313444925892177920?s=20
Cape
Cape
https://www.capesandbox.com/analysis/68574/

Comments