MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f7fc558a477c78eb451cf6479b13d26058bffee1761996c85048182f9596f498. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f7fc558a477c78eb451cf6479b13d26058bffee1761996c85048182f9596f498
SHA3-384 hash: e5b50467026f63da72853a57d85af920b6ecf6c4a3ba88fc1374ff0b78d73831554212221dfc3b19410b77e647ecdc6e
SHA1 hash: 9a9967839d52c944e4291515aea678ea4a2d354c
MD5 hash: 864359835ba4cb553a717fa4fe33a146
humanhash: london-spring-sixteen-equal
File name:864359835ba4cb553a717fa4fe33a146.exe
Download: download sample
File size:18'224 bytes
First seen:2020-10-02 10:55:34 UTC
Last seen:2020-10-02 11:57:33 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'741 x AgentTesla, 19'606 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 384:okONuvBvmxcHjCmtJVNR1gQCEspDgf2hB7:7OkvBvLH1JVr1gQyUf2hB7
Threatray 1 similar samples on MalwareBazaar
TLSH C6820955A7C05621FA7FEF3678A245064B3173C3E66382E7A6DE80154B823C0DFB29A5
Reporter abuse_ch
Tags:exe

Code Signing Certificate

Organisation:
Issuer:
Algorithm:sha256WithRSAEncryption
Valid from:Oct 2 03:50:14 2020 GMT
Valid to:Oct 2 03:50:14 2021 GMT
Serial number: D3F71152C34C13A436491E3E617FF02E
Thumbprint Algorithm:SHA256
Thumbprint: 7C74A3A69B1CA45B8DA6658FCE61D90E9D47563A67EA335727396AE99264FF7A
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
2
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/67731/
Detection(s):
SecuriteInfo.com.Artemis864359835BA4.28631.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching a process
Sending a UDP request
Creating a window
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/480159
Signature
.NET source code references suspicious native API functions
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f7fc558a477c78eb451cf6479b13d26058bffee1761996c85048182f9596f498/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-10-02 08:05:23 UTC
File Type:
PE (.Net Exe)
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
2f7ab746deeed9c37386e614856907f3f528af2fe75e3711d165448f8b6fbfba
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201002-yrsna29xhe/
Behaviour
Modifies system certificate store
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
f7fc558a477c78eb451cf6479b13d26058bffee1761996c85048182f9596f498
MD5 hash:
864359835ba4cb553a717fa4fe33a146
SHA1 hash:
9a9967839d52c944e4291515aea678ea4a2d354c
Link:
https://www.unpac.me/results/7a9c0eed-9401-4db1-a02d-3cf96b68eb1f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Eldorado
Score:
0.90
Link:
https://yomi.yoroi.company/submissions/f7fc558a477c78eb451cf6479b13d26058bffee1761996c85048182f9596f498

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe f7fc558a477c78eb451cf6479b13d26058bffee1761996c85048182f9596f498

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/67731/
  
URLhaus
https://urlhaus.abuse.ch/url/636154/
  
Delivery method
Distributed via web download

Comments