MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ef23939fa13c9ec74f10d73bd6f9ca62c3465d9da568044305f99908194b12ab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: ef23939fa13c9ec74f10d73bd6f9ca62c3465d9da568044305f99908194b12ab
SHA3-384 hash: fb98480308f5f37da66bebcdee972336b74d9af9e5aab4665ec0c6d9ae292b51b283ac7a166f54196b4841a1e390682e
SHA1 hash: 548fb12f2aba6a396499efc9caf16e3efc997ecc
MD5 hash: e52b5dafcba4a2a223944b642152a2a4
humanhash: alpha-don-south-massachusetts
File name: a782648c050764a6b691f4b741abd32d
File size: 1'036'289 bytes
First seen: 2020-11-17 14:10:13 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: fb1256fab57d2dfd02791ec2cff51231
ssdeep: 24576:GcyH0wcN4kF3YUpPo2w35O6A05LZHhIxara/ZSL77Lv+f6T8E:4H0wcN4kF3YI055pVrgwbD
Threatray: 85 similar samples on MalwareBazaar
TLSH: 9425C01C9BF21527E0565AB7D98CCA7B4A4368BC36A3C2B174F53AD7BA853C0065923C
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 50
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-11-17 14:11:40 UTC
AV detection: 31 of 48 (64.58%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Unpacked files
SHA256 hash: ef23939fa13c9ec74f10d73bd6f9ca62c3465d9da568044305f99908194b12ab
MD5 hash: e52b5dafcba4a2a223944b642152a2a4
SHA1 hash: 548fb12f2aba6a396499efc9caf16e3efc997ecc
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
