MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a759e32021435c8998b407e6507bfb9b3d753daef9344af0c90cba74bb9a2fcc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a759e32021435c8998b407e6507bfb9b3d753daef9344af0c90cba74bb9a2fcc
SHA3-384 hash: 5a70255f7720f938d9df0a3c357beacb98d7afe0f756b145c59c25068167b99044c874b8b31ad0d3e4eab58cbfe0158b
SHA1 hash: 57b3c36cc2737805cbac487ac5a1b758cd29bb06
MD5 hash: 2b4677fcec0af77af5587c709459f432
humanhash: mike-massachusetts-paris-sixteen
File name:FYI.exe
Download: download sample
File size:102'920 bytes
First seen:2020-10-23 08:59:25 UTC
Last seen:2020-10-23 10:10:03 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 3072:UQO8xYPQpdlQbMblblbSbsblbdblblbOblb2blbnblbLblbOblb/blbVblbOblbv:g5
Threatray 3 similar samples on MalwareBazaar
TLSH 0AA320667AC10E21D6AA173894EF9D024BF1B6E35EB2C76D1FC133E548632801F9E359
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: outgoing6.cpt4.host-h.net
Sending IP: 197.189.247.39
From: Ricardo Koopman <Ricardo.Koopman@saffer.co.za>
Subject: Fwd:
Attachment: FYI.rar (contains "FYI.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/74994/
Detection(s):
SecuriteInfo.com.Artemis.4939.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/507955
Signature
.NET source code references suspicious native API functions
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a759e32021435c8998b407e6507bfb9b3d753daef9344af0c90cba74bb9a2fcc/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-10-23 07:36:19 UTC
AV detection:
17 of 29 (58.62%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=u5m6gibbinoitgfua7tfa673tm6xkpno7e2ev4gjbs5hjo42f7ga._file
Verdict:
unknown
Similar samples:
1b6a774498ff154b69bb5833958b8598724b82fb6d90bc561014d04bbf053ddb
4bf5091bc067f8255252ad26fb03b715301433af9334dd100b9b6586983979f0
84da8351b5eae6322fbd9893d8ca0eee67fd4c33315ecd40ddc9e5736ced2d0b
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201023-n8a1tcj6yj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
a759e32021435c8998b407e6507bfb9b3d753daef9344af0c90cba74bb9a2fcc
MD5 hash:
2b4677fcec0af77af5587c709459f432
SHA1 hash:
57b3c36cc2737805cbac487ac5a1b758cd29bb06
Link:
https://www.unpac.me/results/3044c05e-6e4f-46a5-8562-01269b1df372/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar d3db23650e2db067076197ef2c939fc146cf65137d45d762aae32dbefdac6f80

Executable exe a759e32021435c8998b407e6507bfb9b3d753daef9344af0c90cba74bb9a2fcc

(this sample)

  
Dropped by
MD5 6431b7005b017af2ebb933bea5bd7f81
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 d3db23650e2db067076197ef2c939fc146cf65137d45d762aae32dbefdac6f80
Cape
Cape
https://www.capesandbox.com/analysis/74994/

Comments