MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc17491bc178e0e70f05ea771879c0a3f800fc44ce53c9eb201613583d85b569. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cc17491bc178e0e70f05ea771879c0a3f800fc44ce53c9eb201613583d85b569
SHA3-384 hash: ac05963a2006a0fa610bef155b4679499760142e9be7dc8d7073b2ed79de7050a53b57bf5e7e281eb1be4acfa345090a
SHA1 hash: c06e16e7a06a7fed7d0488a08d34f0c20c988f56
MD5 hash: 0c9c49f30603cd1179a44aacdb977d62
humanhash: earth-muppet-zulu-bluebird
File name:PO3221142020.exe
Download: download sample
File size:31'744 bytes
First seen:2021-01-15 07:10:00 UTC
Last seen:2021-01-15 09:12:16 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'750 x AgentTesla, 19'653 x Formbook, 12'248 x SnakeKeylogger)
ssdeep 384:sHbRitEd75wtCEadvHNTxqnua8KmRKB2g6ARg87UEVUTFDKdC2Sei+HWjs:Hi5H/qrEa2nA29CURKdCkZHo
Threatray 138 similar samples on MalwareBazaar
TLSH 5EE2A655238CDF05F167933A731312A36B512B8633BF4BB8DB2607562861BC46F62D23
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: ideaone.net
Sending IP: 93.190.51.130
From: Mr. Muayad Alfaouri <sissy64@ideaone.net>
Reply-To: ceo@acongufe.net
Subject: ORDER REQUEST
Attachment: PO3221142020.zip (contains "PO3221142020.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
114
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
PO3221142020.exe
Verdict:
Malicious activity
Analysis date:
2021-01-15 07:18:46 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/e3697069-d57b-4425-b12e-006d3a2b0a88

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/112168/
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.nm.16880.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
DNS request
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Sending a TCP request to an infection source
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/582269
Signature
Connects to a pastebin service (likely for C&C)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cc17491bc178e0e70f05ea771879c0a3f800fc44ce53c9eb201613583d85b569/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-01-15 02:28:22 UTC
AV detection:
5 of 46 (10.87%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zqlusg6bpdqoodyf5j3rq6oaup4ab7cezzj4t2zacyjvqpmfwvuq._file
Verdict:
unknown
Similar samples:
495955225d3f8b7ee34f7f194685ac06621f177e25aca6bde09d038b0a2afd74
6f96c1cc562c104cb339f346411c7b983c42ccded781115e1de67d645df9a00a
703aadea111eae71a7dfb3f2c63c4522b4edd138033fef221295f74d3509e10a
86c9b8f7003a77106c1746a855da645783d6ed30fffa45350554ab2edd0e1290
8daa3b16b15dd52ffb99eb0644b52712d889fe9528f8633dd16b4b405b017130
944ea69a7adfffb602bdac56556138efc104f6ebeaa6bc9161eac4551ea8fb16
ba8b11076fdcce8d5eaa8232911cb206cad4013ed47f98056da27bb6f161752f
bd316cf33a3964eefab384927f84493c2f1d524660a854f18b1e166e8b93566f
c0db986156f4b10be75811f138f0bd93776e7afbab0fc9ce376cc0dcdd0cc492
facf1bd37fa739f82bc10a7a6e7436b4871af89e3c8389270673e2dbb76200e4
+ 128 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210115-cjnweb2fna/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
cc17491bc178e0e70f05ea771879c0a3f800fc44ce53c9eb201613583d85b569
MD5 hash:
0c9c49f30603cd1179a44aacdb977d62
SHA1 hash:
c06e16e7a06a7fed7d0488a08d34f0c20c988f56
Link:
https://www.unpac.me/results/49af6b16-62f8-49ee-8444-10fb3e3532be/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.56
Link:
https://yomi.yoroi.company/submissions/cc17491bc178e0e70f05ea771879c0a3f800fc44ce53c9eb201613583d85b569

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 4c52bc55da032e2aa9fb7867bdb46750383e46bdfbc4187ed2a97e269fe5660d

Executable exe cc17491bc178e0e70f05ea771879c0a3f800fc44ce53c9eb201613583d85b569

(this sample)

  
Dropped by
MD5 b62a9d44cf16ab607e6d3d14423f4b79
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 4c52bc55da032e2aa9fb7867bdb46750383e46bdfbc4187ed2a97e269fe5660d
Cape
Cape
https://www.capesandbox.com/analysis/112168/

Comments