MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b7c78e8480d002889a9c135f046d072ea256893285f7788644ec4a741019850b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: b7c78e8480d002889a9c135f046d072ea256893285f7788644ec4a741019850b
SHA3-384 hash: 176f0b622b089593e87fd2b7dee88a2825e4317b354831f0d0664cd533997d3ad8d934d416c83374cc8c59989bf622b5
SHA1 hash: ba512622a7236dd13d3e3d7858b36e400116c52b
MD5 hash: 573bcd759e341e5abc3d4980b9d0434d
humanhash: nuts-artist-seventeen-bakerloo
File name: ad3be8bfe42414dbefd5a70b62730780
File size: 27'136 bytes
First seen: 2020-11-17 16:00:20 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 87bed5a7cba00c7e1f4015f1bdae2183 (3'034 x Jadtre, 23 x IcedID, 17 x Blackmoon)
ssdeep: 768:Kd5u7mNGtyVfjUDsQGPL4vzZq2o9W7Gtxt3YV:Kd5z/fjgvGCq2iW7Y
Threatray: 1'575 similar samples on MalwareBazaar
TLSH: A3C2D073CE8084FFC0CB3032204522CB9B575A72A56A6867A750D81E7DBCDD0DA7A753
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a process from a recently created file
Creating a window
Changing an executable file
DNS request
Connection attempt
Sending an HTTP POST request
Modifying an executable file
Creating a file
Running batch commands
Creating a process with a hidden window
Connection attempt to an infection source
Infecting executable files
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Detection: malicious
Classification: spre.evad
Score: 100 / 100
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Infects executable files (exe, dll, sys, html)
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Wapomi
Threat name: Win32.Virus.Wapomi
Status: Malicious
First seen: 2020-11-17 16:08:06 UTC
AV detection: 26 of 28 (92.86%)
Threat level: 5/5
Unpacked files
SHA256 hash: b7c78e8480d002889a9c135f046d072ea256893285f7788644ec4a741019850b
MD5 hash: 573bcd759e341e5abc3d4980b9d0434d
SHA1 hash: ba512622a7236dd13d3e3d7858b36e400116c52b
SHA256 hash: 3721151e23704b27e34bef8d3c5f589e69b396a62052d9cbf03425f0209be80c
MD5 hash: 1736d786b1a740f1ba4508a6e057e057
SHA1 hash: 90888014e24d582015ef51d3f38f212a3c4c88ce
Detections: win_unidentified_045_g0 win_unidentified_045_auto
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
