MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 84581968dd8c3480b3f0dcc2cd0cffa26542bb8cb79c8150f2be5ea5afd1b6b1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 84581968dd8c3480b3f0dcc2cd0cffa26542bb8cb79c8150f2be5ea5afd1b6b1
SHA3-384 hash: f64431b28fe5e7b09c03d74d0791d4df9b99c77592ccc0453a8762c65561512156743fe0db56966f8d94f4ed8bfb24ed
SHA1 hash: ef8ed567b41acb15ccf5aba6c309d9ba7dbef285
MD5 hash: f44517da7d8b8146b150da2e3db4f459
humanhash: fix-september-vegan-solar
File name: SecuriteInfo.com.Trojan.Heur.D.IQW@dCMRUYgi.8049.17283
File size: 2'663'936 bytes
First seen: 2020-05-14 20:35:51 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f70b11599e76d53849b96c7bb204c3be (1 x TrickBot)
ssdeep: 49152:7oqWdBMcYRxFXoA+dpdgnWD+YBBeYtv27js+/7WJQOFAIr9vZ+NzMM:viD6FXoXdhDbBBLtO71KmOVr9vE4
Threatray: 46 similar samples on MalwareBazaar
TLSH: DCC533542C9A1BC5DA690B34EC81D8FA118A7FF4A62CF6D8164F61E30332F754287BB5
Reporter: SecuriteInfoCom

Intelligence


File Origin
# of uploads: 1
# of downloads: 86
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-05-14 16:45:38 UTC
File Type: PE (Exe)
Extracted files: 1
AV detection: 25 of 31 (80.65%)
Threat level: 2/5
Result
Malware family: n/a
Score: 9/10
Tags: evasion trojan spyware
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks whether UAC is enabled
Looks up external IP address via web service
Checks BIOS information in registry
Reads user/profile data of web browsers
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 84581968dd8c3480b3f0dcc2cd0cffa26542bb8cb79c8150f2be5ea5afd1b6b1

(this sample)

  
Delivery method: Distributed via web download
