MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d047df658498dd43b18f3adaa2775c42d1103a0c211eb52ff1e312c9f2784149. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: d047df658498dd43b18f3adaa2775c42d1103a0c211eb52ff1e312c9f2784149
SHA3-384 hash: 15b52215b4164cacd500ddf01c8ebd751ecb5569cdb826ead1cf298262a390242a12d67a40920bc1642c35706f7bc8f5
SHA1 hash: caad39f0a4f58495df614d4df66ef19c08d3ff4f
MD5 hash: 73cf43e88982d3d96d8c0cba4c9f9e09
humanhash: pip-beryllium-gee-football
File name: SecuriteInfo.com.MSIL.Injector.BIQ.13923
File size: 435'712 bytes
First seen: 2020-05-12 11:35:02 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep: 6144:oDkZenczVpdmJ9xZcD0tJlREghfMU8qd/L/drnxVEF20PVV8kIW3YMB:JIZltbkUTBdLp6rfh
Threatray: 100 similar samples on MalwareBazaar
TLSH: 5794E66975807A20D71C1B71F49E742833929FC361BAEA472E3CE2A53DFE264CA457C4
Reporter: SecuriteInfoCom

Intelligence


File Origin
# of uploads: 1
# of downloads: 77
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Wacatac
Status: Malicious
First seen: 2020-05-12 12:42:08 UTC
File Type: PE (.Net Exe)
Extracted files: 19
AV detection: 25 of 31 (80.65%)
Threat level: 5/5

Result
Malware family: n/a
Score: 10/10
Tags: n/a

Behaviour
Suspicious use of AdjustPrivilegeToken
Drops startup file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments