MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b8c1ef5da202475f7113c36a014ebeda72a235c4ed16b2ba0244ee95c6e44053. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b8c1ef5da202475f7113c36a014ebeda72a235c4ed16b2ba0244ee95c6e44053
SHA3-384 hash: 4b6bbee351cc44bf9b54ead17022ea3512964d1247a7ae959720eaa82fbaed8ffc744fc4440bbcb069a2da0bf1d6ee1c
SHA1 hash: ee43d5e2339510e5df738407fab98d4934b8e8af
MD5 hash: c8354a549326f344778c6ebe57e3c6e9
humanhash: kitten-timing-spring-aspen
File name:quietmoth (4).exe
Download: download sample
File size:904'192 bytes
First seen:2022-08-03 06:20:17 UTC
Last seen:2022-08-03 07:05:37 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c3af21bbc005d7817532ba12b695386b
ssdeep 12288:dovsVlhFS1WtJP0q6YSZ7V9fVmKSH1iSka:WEVlhF8WzPvSZB9K
Threatray 2'169 similar samples on MalwareBazaar
TLSH T15615191BF76344EDC67AC17086679372BA70F82546316A3E2F55CB312F21E605A2EB34
TrID 43.3% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
27.6% (.EXE) Win64 Executable (generic) (10523/12/4)
13.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.3% (.EXE) OS/2 Executable (generic) (2029/13)
5.2% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter JAMESWT_WT
Tags:exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
257
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
quietmoth (4).exe
Verdict:
No threats detected
Analysis date:
2022-08-03 07:00:46 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/fb1b5190-2bf2-4bb7-be95-2fdc5c3df157

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/296078/
Detection(s):
SecuriteInfo.com.Variant.Tedy.180003.6518.28656.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Running batch commands
Сreating synchronization primitives
Searching for the window
Sending a custom TCP request
Downloading the file
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug
Link:
https://www.filescan.io/uploads/62ea13dc9ca9b9bfcbe6981d/reports/afa7b84e-f284-4c47-a6b0-19ec9e629d11/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/560c65aa-d468-43cf-aa40-cb9c3bc92f02
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/1045417
Signature
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Sigma detected: Powershell Download and Execute IEX
Suspicious powershell command line found
Yara detected Powershell download and execute
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b8c1ef5da202475f7113c36a014ebeda72a235c4ed16b2ba0244ee95c6e44053/
Threat name:
Win64.Trojan.Wacapew
Create hunting rule
Status:
Malicious
First seen:
2022-08-01 05:33:55 UTC
File Type:
PE+ (Exe)
AV detection:
18 of 26 (69.23%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xda66xncajdv64itynvactv63jzkenoe5ullfoqcitxjlrxeibjq._file
Verdict:
malicious
Similar samples:
2e0aa995df9b6a99e37601b1d7dea6fb85f6c7130980a8c2a275370efb6f0236
30979d6192d60158768f4bf3955399bf3289592403b4899fe7fe5de57d6e664a
36e08c2df39cd84d8969a95de6a6882fbc954e7ca31a5a5d4be8ec33cfa84649
5850d3b23060abb351ae9dafecfe7c19c9e890004f4c14f8ee7d164838fc356b
5e37ccb3f0327957d04963703bdc9e31a121da9d44ef83abcbb388165e76d5db
6cfd239899f3900e6eaa1c1b2a11ddb8b082ee224fb1014bdc9baadb61611135
ce07b1122ef0305ce0dd1588394295073545df0b5a91c63f6ab6eaf5b7f74091
ce309a2f5d17fa9dc0957947d401699492ca6f9d63206486d947aea54c65c589
de85e7754cdb6c18d93f074d58406b4b4e91466cb53e82f962535452ebc2b9d9
ec76ecb58f5ec6d02f2b125102c9fe613891582a7607535a39e1b598cbfc5622
+ 2'159 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/220803-g4bhrshagr/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Blocklisted process makes network request
Malware Config
Dropper Extraction:
http://78.85.17.88:8443/reverse.ps1
Unpacked files
SH256 hash:
b8c1ef5da202475f7113c36a014ebeda72a235c4ed16b2ba0244ee95c6e44053
MD5 hash:
c8354a549326f344778c6ebe57e3c6e9
SHA1 hash:
ee43d5e2339510e5df738407fab98d4934b8e8af
Link:
https://www.unpac.me/results/b750748e-8bfd-4feb-8017-66d64ea1bc0f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b8c1ef5da202475f7113c36a014ebeda72a235c4ed16b2ba0244ee95c6e44053

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/296078/

Comments