MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d4b70f445a7b07cd75211fee3ff6749e633b2e8bdd86380253d9dec595448cc2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d4b70f445a7b07cd75211fee3ff6749e633b2e8bdd86380253d9dec595448cc2
SHA3-384 hash: 25662c8889a1437837611a15668bf0b7162996df3ac70c946b1f014d15d037686f6bdf44a86b6cb842bb9eaecee14750
SHA1 hash: c4238a2bc0dc37140afbf97699e7b7c261b8f12d
MD5 hash: 592484360993b02060d7d5c24804f8bd
humanhash: seventeen-massachusetts-nineteen-autumn
File name:592484360993b02060d7d5c24804f8bd.exe
Download: download sample
File size:731'328 bytes
First seen:2020-12-28 17:49:32 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b98caa61c34fcff9ec4c8f0dd186884b (1 x ModiLoader)
ssdeep 12288:7fLWNFPxOxLraMCrqfZW562wzVAoQKzT1AIvi56LffGfbW8T:rynGraMCrV62mVAkzlvHLffGyW
Threatray 1 similar samples on MalwareBazaar
TLSH 51F48DE262A2153EC0765A348C1F9194DC65BE03295477BE2AFA5DCC9B3438035DFEB2
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
173
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
592484360993b02060d7d5c24804f8bd.exe
Verdict:
No threats detected
Analysis date:
2020-12-28 17:50:10 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/4ffd77a6-28e1-4048-9211-af083895f75f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/109602/
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
DNS request
Connection attempt
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/570931
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d4b70f445a7b07cd75211fee3ff6749e633b2e8bdd86380253d9dec595448cc2/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-12-28 17:50:06 UTC
AV detection:
18 of 28 (64.29%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
977f77728f1783062f8c072096f0b7535ec74f686c3e40db5dc78766edabffeb
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201228-avcsqdfe7j/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
d4b70f445a7b07cd75211fee3ff6749e633b2e8bdd86380253d9dec595448cc2
MD5 hash:
592484360993b02060d7d5c24804f8bd
SHA1 hash:
c4238a2bc0dc37140afbf97699e7b7c261b8f12d
Link:
https://www.unpac.me/results/7fb30a64-9883-41b5-9113-f0e9a8e18aeb/
SH256 hash:
f6368ca109585a523c072e714df2b8071958e66f1e6a4666690b1a5d7ab61a39
MD5 hash:
781588ca6ced778abecbf571fc7f8d5f
SHA1 hash:
fb40ed2af77e410e5e60dd0385f76e8d8fe12da0
Link:
https://www.unpac.me/results/7fb30a64-9883-41b5-9113-f0e9a8e18aeb/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d4b70f445a7b07cd75211fee3ff6749e633b2e8bdd86380253d9dec595448cc2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe d4b70f445a7b07cd75211fee3ff6749e633b2e8bdd86380253d9dec595448cc2

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/898668/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/109602/

Comments