MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f4a33b8f7fb094518fd522f620884e2b19c0f0e6176049d0995a2c8692d1d933. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f4a33b8f7fb094518fd522f620884e2b19c0f0e6176049d0995a2c8692d1d933
SHA3-384 hash: 6eb33e4954254ece24c9539e1bf1a4bf4e95d865e13440dd18459d5e0f865f21e7dec7772f06b0d2b1cc089f0def175f
SHA1 hash: 58cfc5eda13f4d2b9877c6303f0d1b8e59a88b2a
MD5 hash: 3851581a28f90475da9e3c7f2ec08a46
humanhash: utah-fifteen-carolina-saturn
File name:f4a33b8f7fb094518fd522f620884e2b19c0f0e6176049d0995a2c8692d1d933
Download: download sample
File size:3'182'768 bytes
First seen:2020-11-07 17:37:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash bc70c4fa605f17c85050b7c7b6d42e44 (15 x njrat, 12 x RedLineStealer, 10 x AgentTesla)
ssdeep 49152:k4BWVpPXEiH23mZn9cnqNdRTfDDc6HwDvZNRWchGlkTkYfi1HrLjtalQ68/W:upPXuk93jRTfv3iZnWTKTirLjtalQ5W
TLSH 17E5338EA7E4457ACC720B7114F90BC333367AB29BA4C69F168FD8530D539A51238B76
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Trojan.Generic-6629274-0
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Sending a UDP request
Creating a file in the %temp% subdirectories
Running batch commands
Creating a process with a hidden window
Launching a process
Creating a window
Creating a process from a recently created file
Deleting a recently created file
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f4a33b8f7fb094518fd522f620884e2b19c0f0e6176049d0995a2c8692d1d933/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-11-07 17:44:46 UTC
AV detection:
17 of 29 (58.62%)
Threat level:
  5/5
Verdict:
unknown
Result
Malware family:
azorult
Create hunting rule
Score:
  10/10
Tags:
persistence family:azorult evasion infostealer spyware trojan upx
Link:
https://tria.ge/reports/201108-vwk2rj4ane/
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Creates scheduled task(s)
Delays execution with timeout.exe
Runs net.exe
Script User-Agent
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Drops file in Program Files directory
Launches sc.exe
Drops file in System32 directory
Suspicious use of SetThreadContext
Adds Run key to start application
Modifies WinLogon
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Blacklisted process makes network request
Modifies RDP port number used by Windows
Modifies Windows Firewall
UPX packed file
Grants admin privileges
Azorult
Malware Config
C2 Extraction:
http://newbeirvellbackup.press/index.php
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments