MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 a6c456dcee9a9c53aeb0360bdb52a682137745ad9ec607fce1199e24cd348ee5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 5
| SHA256 hash: | a6c456dcee9a9c53aeb0360bdb52a682137745ad9ec607fce1199e24cd348ee5 |
|---|---|
| SHA3-384 hash: | 41db34a1e8bc75affd70377895c61dc9a3622a5a1c525e890c678c03aa48b3825f3bb78fcd70a374d64d500ef9d7f144 |
| SHA1 hash: | 7025d9adc39f185a5e7df7e3b036d4608ae6ce57 |
| MD5 hash: | c9a181849e162910e5c3b1723a5750c1 |
| humanhash: | georgia-missouri-dakota-spaghetti |
| File name: | Payment Advice Confirmation.exe |
| File size: | 328'704 bytes |
| First seen: | 2020-11-05 18:52:09 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | d444820d9facb23288061674446775bb (6 x AgentTesla, 4 x Formbook) |
| ssdeep | 6144:Sak1U31+ZcY29SuE7vJR8FzQQa6BhiRd0YxrYkWtSk:1keE291E7eQzRdXYkWok |
| Threatray | 2'892 similar samples on MalwareBazaar |
| TLSH | A0641209B6E1C0F2E112007496595EA346BFB87A567595C373DC0B0F5EB87D0AE2ABC3 |
| Reporter | abuse_ch |
| Tags: | exe Hostwinds |
Reporter comment (abuse_ch):
Malspam distributing unidentified malware:
HELO: hwsrv-799617.hostwindsdns.com
Sending IP: 192.236.146.33
From: Katherine MacLean <info@cantelmedical.com>
Subject: Payment Advice Confirmation
Attachment: Payment Advice Confirmation.LHA (contains "Payment Advice Confirmation.exe")
Intelligence
File Origin
# of uploads: 1
# of downloads: 56
Origin country: n/a
Vendor Threat Intelligence
Detection: n/a
Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a file in the %temp% subdirectories
Creating a file
Running batch commands
Creating a window
Launching a process
Using the Windows Management Instrumentation requests
Setting a keyboard event handler
Creating a process from a recently created file
Creating a process with a hidden window
DNS request
Sending an HTTP GET request
Sending a custom TCP request
Reading critical registry keys
Delayed writing of the file
Moving a recently created file
Replacing files
Deleting a recently created file
Searching for the window
Unauthorized injection to a recently created process
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Stealing user critical data
Enabling autorun by creating a file
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-11-05 05:39:40 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Detection(s): Suspicious file
Verdict: unknown
Similar samples: + 2'882 additional samples on MalwareBazaar
Unpacked files
SHA256 hash: a6c456dcee9a9c53aeb0360bdb52a682137745ad9ec607fce1199e24cd348ee5
MD5 hash: c9a181849e162910e5c3b1723a5750c1
SHA1 hash: 7025d9adc39f185a5e7df7e3b036d4608ae6ce57
SHA256 hash: 08a2ab25b5a8b33fbb1eb9cc381b7a7dac25e2d71ca287bc88531d3bc777231f
MD5 hash: 12ac0bc8ad2aad0c9463607174405e8b
SHA1 hash: f67996e0c4c715481e29609800f984da0321f77e
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name: Trojan
Score: 1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
exe a6c456dcee9a9c53aeb0360bdb52a682137745ad9ec607fce1199e24cd348ee5 (this sample)
Dropped by: MD5 cc234caa955cba78b123d3f0b1bb6e4f
Delivery method: Distributed via e-mail attachment