MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa46ec291334b68e6c96fed8f2b88ce521dd87ff7535a5465537e7d2c36d1539. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aa46ec291334b68e6c96fed8f2b88ce521dd87ff7535a5465537e7d2c36d1539
SHA3-384 hash: 4acd7d1e1032db4920e5826ad5ca27410506d250c6a2602faaad54abdfd0ea0079a6bbc83bb1c4231f21ad7b334d20e2
SHA1 hash: 35ed16d019c0cac49e59b872515c76e7cef7f436
MD5 hash: 73ce182d783b6b29452897134fcfd483
humanhash: early-zulu-coffee-stream
File name:Vape Client + Crack.exe
Download: download sample
File size:457'216 bytes
First seen:2021-08-06 19:46:59 UTC
Last seen:2021-08-06 19:47:00 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 7182b1ea6f92adbf459a2c65d8d4dd9e (5 x CoinMiner, 4 x RedLineStealer, 4 x DCRat)
ssdeep 12288:gbjDhu9TIJeSsJSIX7rNU6wt0p4fPEIRlY:O1eTIoRXnpwipgPjRlY
Threatray 43 similar samples on MalwareBazaar
TLSH T1A9A4F156B1E40298CBB942F6C5921742E73174761B65B3DB1BB853B62B2B8C68F3C3D0
Reporter Anonymous
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
137
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/177073/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.34126398.28157.2351.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Running batch commands
Creating a process with a hidden window
Creating a process from a recently created file
Creating a window
DNS request
Connection attempt
Sending a custom TCP request
Sending a UDP request
Creating a file in the %temp% subdirectories
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/cfbe26f7-01cc-4f80-8c83-1fb2e4e3dd1e
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/aa46ec291334b68e6c96fed8f2b88ce521dd87ff7535a5465537e7d2c36d1539/
Threat name:
Win64.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-08-05 16:52:07 UTC
AV detection:
11 of 27 (40.74%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0284735896363aeae81486be25751824f82b385dd4b6150358ff9b68c36c71e2
0389ffef740d3bd365f2b699ac006b478a5346a1dc2383e10fd5152771641c0b
33358691144fd04943b0de774643ba673448b6d7e616d482beb5200d09f9beeb
5f2846d5daa6e5781427feb62144502ff1522b8250eadbfb7aa3602d04eac1fb
767e8cdbeeb723d9a79665ef465e3ceca2595d773a04a7c900d550ad780ee1ff
88c642b1fa43b77487f3916dd95ac236189971475c3289c745dc45a739e6453f
9cc0cf19e63fbf43ed381c94967a1c52a606452657cc05c17b27a1a07e2c5607
+ 33 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/210806-azjpt6gxf6/
Behaviour
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Loads dropped DLL
Executes dropped EXE
UPX packed file
Unpacked files
SH256 hash:
aa46ec291334b68e6c96fed8f2b88ce521dd87ff7535a5465537e7d2c36d1539
MD5 hash:
73ce182d783b6b29452897134fcfd483
SHA1 hash:
35ed16d019c0cac49e59b872515c76e7cef7f436
Link:
https://www.unpac.me/results/5ffd9e33-4cd8-400e-8e6c-52c4deaebed6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.68
Link:
https://yomi.yoroi.company/submissions/aa46ec291334b68e6c96fed8f2b88ce521dd87ff7535a5465537e7d2c36d1539

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/177073/

Comments