MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b35e23599a0c1f88bc04a1a656aa158fda2fc46750d810bfe6801f96cdbec0fa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b35e23599a0c1f88bc04a1a656aa158fda2fc46750d810bfe6801f96cdbec0fa
SHA3-384 hash: c33f3fa72c84ee47352248093cb2cad5efbd6d9e58443df6b5fd602e4ee80d203890563d28be82de8a5ef45f021e2e11
SHA1 hash: e2f42f1520058593d93e5378760724f918705b04
MD5 hash: 7a8ff582c7e91af4c10019b82ada67b4
humanhash: music-tango-kilo-oranges
File name:SecuriteInfo.com.Program.Win32.Wacapew.Cml.19599.29480
Download: download sample
File size:1'318'400 bytes
First seen:2021-11-17 20:21:01 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f4e7bb43f5590a96950cc8800ef7c885
ssdeep 12288:k63GNTFtSCQ8NLaVhGqEdxtsvoxR6polnJeGek1XAmb/VVyor5M1ITUHAS/JaNq8:dRQZrx1iKn27A0TqD4+
Threatray 31 similar samples on MalwareBazaar
TLSH T11A552CAE9572129BFED34C35CDD8B2A1CA932A3D8D3BD5F25DA1D13028391A1ED07613
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
STATEMENT[2021.11.16_10-19].xlsb
Verdict:
Malicious activity
Analysis date:
2021-11-17 16:03:44 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/2ac04831-afdb-417a-9af6-d91f2a24fb82

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Gathering data
Detection(s):
SecuriteInfo.com.Program.Win32.Wacapew.Cml.19599.29480.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Sending a custom TCP request
DNS request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
67%
Tags:
packed
Link:
https://www.filescan.io/uploads/6195643143e8f62b66978d05/reports/cbbff805-6b1c-4381-9040-4ee2f94d2ee2/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/549d1a23-7fa9-4b10-b46c-e1b0e442d4c2
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/891516
Signature
Creates an autostart registry key pointing to binary in C:\Windows
Sigma detected: UNC2452 Process Creation Patterns
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 523993 Sample: SecuriteInfo.com.Program.Wi... Startdate: 17/11/2021 Architecture: WINDOWS Score: 60 59 Sigma detected: UNC2452 Process Creation Patterns 2->59 11 loaddll64.exe 1 2->11         started        13 rundll32.exe 2->13         started        15 rundll32.exe 2->15         started        process3 process4 17 cmd.exe 1 11->17         started        20 rundll32.exe 11->20         started        22 rundll32.exe 11->22         started        24 rundll32.exe 11->24         started        signatures5 55 Uses ping.exe to sleep 17->55 57 Uses ping.exe to check the status of other devices and networks 17->57 26 rundll32.exe 17->26         started        process6 process7 28 cmd.exe 1 26->28         started        signatures8 63 Uses ping.exe to sleep 28->63 31 rundll32.exe 28->31         started        33 PING.EXE 1 28->33         started        36 conhost.exe 28->36         started        process9 dnsIp10 38 cmd.exe 1 31->38         started        40 cmd.exe 1 31->40         started        53 127.0.0.1 unknown unknown 33->53 process11 process12 42 reg.exe 1 1 38->42         started        45 conhost.exe 38->45         started        47 rundll32.exe 40->47         started        49 conhost.exe 40->49         started        51 choice.exe 1 40->51         started        signatures13 61 Creates an autostart registry key pointing to binary in C:\Windows 42->61
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b35e23599a0c1f88bc04a1a656aa158fda2fc46750d810bfe6801f96cdbec0fa/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-11-17 17:21:33 UTC
AV detection:
8 of 28 (28.57%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
100ab1a8d68493c43a477aa54948803f96a31b4c7854840a505de009d6c360a8
22e899eddfcdd250f184f10d71b117c2b6a1625847ba5c46c39ee6245afc1ef2
2a2b204b3d8df0388dd42a8fa5b7e9652f262c15b92de6ff13fec8778a6aac3f
33082f1f702c0919efd47a7c935aa3972c90f7f7419c9aa6c87492f57658d403
69c6638c277af7f94f34c6f1ea1cee9d7cf5ee7a1e8ef0d2df527f8d6a529f5f
6d8fcc850b8c796be3f6244f1f681332d155486bdd326ad6be78ea7172718db4
880e2c5548284e08c44028f419a98350fa58e9f758a57f4ddb7b5d6e48fc7eb9
95347bea5432c09cc216f5db771b956eb78a43139789036af9446139967b1c7f
b24e47b63ec35e9a420b9fbb64106b2f9e6e8a18676e8c79ff2ca67af06f1291
e192593ff1df7a3d24cc9463fdcde0b39b49a26816da608d50960da3131e2e36
+ 21 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/211117-y41akadhc7/
Behaviour
Runs ping.exe
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
b35e23599a0c1f88bc04a1a656aa158fda2fc46750d810bfe6801f96cdbec0fa
MD5 hash:
7a8ff582c7e91af4c10019b82ada67b4
SHA1 hash:
e2f42f1520058593d93e5378760724f918705b04
Link:
https://www.unpac.me/results/11f372b0-ca23-464c-87bf-f77b96064bf9/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b35e23599a0c1f88bc04a1a656aa158fda2fc46750d810bfe6801f96cdbec0fa

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe b35e23599a0c1f88bc04a1a656aa158fda2fc46750d810bfe6801f96cdbec0fa

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1797679/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/206975/

Comments