MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9632959c53e43bbcea7780f14324ba5794866607ccc72005770abc57f4f65b91. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	9632959c53e43bbcea7780f14324ba5794866607ccc72005770abc57f4f65b91
SHA3-384 hash:	3b5cbe4b03f44039796a360ff2f0d11d27fc2ebcf33db48384b72ef29fd44bbd5b93907d407ecffc828d0d98c6954d57
SHA1 hash:	389c37de4fcb557ccbc89b67051c3f3d2edae6f2
MD5 hash:	f7578590576f773532d92d481e562ef2
humanhash:	nitrogen-iowa-high-hot
File name:	SecuriteInfo.com.Generic.mg.f7578590576f7735.4224
Download:	download sample
File size:	21'856 bytes
First seen:	2021-01-26 11:05:44 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'468 x Formbook, 12'206 x SnakeKeylogger)
ssdeep	384:tRJJ6rAg8TtM0nUDOqgAW172hGqN0S5vYeHYc3NgVGiCZ40GnYPTGKWwphf:tVTtfHbMn5QALngY/WGhf
Threatray	8 similar samples on MalwareBazaar
TLSH	D7A26038A9C45A33D97FAA76D2F005CBFB2125C336569C1F598B83210903B972DCEA0D
Reporter	SecuriteInfoCom

Code Signing Certificate

Organisation:
Issuer:
Algorithm:	sha256WithRSAEncryption
Valid from:	Jan 25 18:32:49 2021 GMT
Valid to:	Jan 25 18:32:49 2022 GMT
Serial number:	1000A97A99CF90443FC79ACBF5BA18D8
Thumbprint Algorithm:	SHA256
Thumbprint:	3E42D5D2E36F019A572E8736FF9135F957E54841390940811CABAF8EA71A713F
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

120

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

SecuriteInfo.com.Generic.mg.f7578590576f7735.4224

Verdict:

No threats detected

Analysis date:

2021-01-26 11:14:28 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/9b7e8833-e861-467a-8c43-71a5675aff98

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/113859/

Detection(s):

SecuriteInfo.com.Generic.mg.f7578590576f7735.4224.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Launching the default Windows debugger (dwwin.exe)

Sending a UDP request

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/590531

Signature

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/9632959c53e43bbcea7780f14324ba5794866607ccc72005770abc57f4f65b91/

Threat name:

ByteCode-MSIL.Trojan.Wacatac

Status:

Malicious

First seen:

2021-01-26 07:27:39 UTC

File Type:

PE (.Net Exe)

AV detection:

11 of 28 (39.29%)

Threat level:

5/5

Verdict:

unknown

09a2e4f8534369466eba713828653e44916f2307420fc47306b1b9cfff181e2c

34b5cac1ca6f60b386393c029a4a9c625690a282c6d7c969ec78e5ece7f19822

714966e76860740b3fe2ece6be27c67cfef373de8784abbdf7326ad415027938

890e5902bf7dfeab083fe139d4045acd80d7573633428108abf2ead66a9dd85d

89690fbe82de4a9fc66f7296a2e54350625a4f5dc382151bf37c2f18489a99e0

96dc3223427540f520a952e0582b91a0ef388e8f7b6122b838236b1a85e89881

e8e70052042fcc4b3b2b2989743a68e3f64be5d97d2be0673657f99f82a4dbac

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/210126-2jcjyscp9n/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

Unpacked files

SH256 hash:

9632959c53e43bbcea7780f14324ba5794866607ccc72005770abc57f4f65b91

MD5 hash:

f7578590576f773532d92d481e562ef2

SHA1 hash:

389c37de4fcb557ccbc89b67051c3f3d2edae6f2

Link:

https://www.unpac.me/results/e49b08e2-bf65-4946-b89e-334d7b86986c/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Dropper

Score:

0.80

Link:

https://yomi.yoroi.company/submissions/9632959c53e43bbcea7780f14324ba5794866607ccc72005770abc57f4f65b91

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 9632959c53e43bbcea7780f14324ba5794866607ccc72005770abc57f4f65b91

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/978555/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/113859/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample