MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a7ebbd6144983988399b8f4e24e169d9c6797f5c573f8ebfc9146d913507fb13. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: a7ebbd6144983988399b8f4e24e169d9c6797f5c573f8ebfc9146d913507fb13
SHA3-384 hash: c9b0e6ec5d38e7a8a3a00802e0e30e5d40cc8d83db367b504e1a61882fd8bc032610263996d1a428a68c0ddb83f54fe9
SHA1 hash: db9185ba25f9be1ca106d02ce026b9b4a3342f30
MD5 hash: c46201c7441a4811bea133261cf904fc
humanhash: yellow-black-sierra-xray
File name: 64dab0c91a33ca81a6dc4b46e4fe4970
File size: 1'732'480 bytes
First seen: 2020-11-17 12:33:32 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: db74288e0222b547b71eb45fa90c95ec
ssdeep: 49152:K+rKYrNvdImUr3k+8BZLLlR5VgkSQta19eb:K+Nq0+8lHTXtFb
Threatray: 24 similar samples on MalwareBazaar
TLSH: 52850211B781D0F1CA7204301F6AFF1A92AAB1744B664EC3B7DC5E4E6E614E0A636772
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 55
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Threat name: Win32.PUA.Wacapew
Status: Malicious
First seen: 2020-11-17 12:37:49 UTC
AV detection: 17 of 28 (60.71%)
Threat level: 1/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Unpacked files
SHA256 hash: a7ebbd6144983988399b8f4e24e169d9c6797f5c573f8ebfc9146d913507fb13
MD5 hash: c46201c7441a4811bea133261cf904fc
SHA1 hash: db9185ba25f9be1ca106d02ce026b9b4a3342f30
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: Ping_Del_method_bin_mem
Author: James_inthe_box
Description: cmd ping IP nul del

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
