MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cb17f05722fdf539b6675a082e193e5e29957c41dfd8bf114895c8278389162d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: cb17f05722fdf539b6675a082e193e5e29957c41dfd8bf114895c8278389162d
SHA3-384 hash: 690e5dc6435bf703e3b17ed405b0c687e09deb262d7ee7f00ff6c761f0666a65144913d1eca964251e7443664aabc098
SHA1 hash: 9389d20935ae2b5eae73ad08d57940476a24588a
MD5 hash: 667b2a9ff17bb2184e3788a91aac944e
humanhash: item-steak-cola-alaska
File name: nggVa.exe
File size: 20'480 bytes
First seen: 2020-07-07 17:04:55 UTC
Last seen: 2020-07-07 17:59:34 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'750 x AgentTesla, 19'656 x Formbook, 12'248 x SnakeKeylogger)
ssdeep: 384:xW+XimUFNGQbxM4FTiPx5HYeqbrXF1ba/OMBDZKnuWrVZEBL:xW+SxSQbC4FTizHHqN1bZMBDZKnzrVCL
Threatray: 55 similar samples on MalwareBazaar
TLSH: C592D734B3D5472AE4BB477A9AB5C391CB32718A8212E39F49C550D68E637810F137AB
Reporter: James_inthe_box
Tags: exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 77
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
DNS request
Sending a custom TCP request
Creating a file in the Windows subdirectories
Sending an HTTP GET request

Threat name: ByteCode-MSIL.Trojan.Wacatac
Status: Malicious
First seen: 2020-07-07 17:04:42 UTC
File Type: PE (.Net Exe)
Extracted files: 1
AV detection: 21 of 28 (75.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a

Behaviour
Suspicious use of AdjustPrivilegeToken
Modifies system certificate store
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other
