MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 daf5fb094685e539b734678789da31bb003a3e4000a29c651d6bf93483fdc021. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: daf5fb094685e539b734678789da31bb003a3e4000a29c651d6bf93483fdc021
SHA3-384 hash: 42bcfacaf76f08a800647a5afb520a6f1d9f46a79e40bf82ae1bf4083ae7e525f82507cf34fad3d6d86d2635cd2d4627
SHA1 hash: b15bd3a54b07ff4cb42bdc1e9de98ca511488ecf
MD5 hash: c39c2a20e5ebab0a4db1e58f192ecc5e
humanhash: seven-robert-carbon-ceiling
File name:payload.dat
Download: download sample
File size:37'376 bytes
First seen:2020-05-21 16:40:19 UTC
Last seen:2020-09-10 14:00:27 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep 384:mmqKoic9sJhH+NUOXliYGk0zi2+vFSZQcl4lRW+FC4k2mCEMwiY2tIk010ASP8V+:mmqjCcNUO/l6iNv8ZQR7vIch8VPG
Threatray 89 similar samples on MalwareBazaar
TLSH 02F2712365DD7C91E1791A32BBB753C4C32EEE122613D62E25D87619E63D2833D423D8
Reporter w3ndige

Intelligence

File Origin
# of uploads :
5
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.InjectNET.14.28410.24909.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 17:35:32 UTC
File Type:
PE (.Net Dll)
Extracted files:
14
AV detection:
11 of 48 (22.92%)
Threat level:
  2/5
Verdict:
unknown
Similar samples:
041f85034f71a295c168af2719d1dfa7a5d346f57b16a4b17bd6a471e3ceb55e
0f1f333f34d4ab91907ca6a0ad8d3360d5324623e9c885ab228127bce34932e5
1ae9562563888e54d90d5a869caaa7c81213273467a71c28fb50349cf967741e
27bd6b90b0679826263d4555f66bfc6d153c46538b5fff3a23cf31f03ef2c1a3
30d3cf43f91eea8df889ee14337ca8067bc68521ff63184c679aac80b321bb75
3b6888d30e34ab5f977345c962d76f352483f6138a89079061839af1f553ca18
48b9908bc98ae2903ee34167224b402fe5eb3a6c9b853ab17e728de52e2639a0
510b24a8ddcc1a99925f07d8ec0b56489930147a95810b787291b3396bd54a7c
af7abf4770db042bf4efafdb4272fa96aab841951b99d54954dc7c95d619f4e0
b3c6c2e2e5effd624cf69538b95a8332c8a1d135d69242d24374f13f000dab0a
+ 79 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-6c9fzyhsxe/
Behaviour
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

anyrun
any.run
https://app.any.run/tasks/91b1966a-7d29-44fc-834e-3666fbd0367a

Comments