MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 182321120c1270861876820e9413137d6c32cd8af4e6aee6cef87ee5fa236b5b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	182321120c1270861876820e9413137d6c32cd8af4e6aee6cef87ee5fa236b5b
SHA3-384 hash:	26f6323c41a434248f072323169be526a0cd44ac54b23e73a043b5ef5d42208458ecb40941dfdd00ec82eb49d6926d11
SHA1 hash:	1d4c356c5e4712c00ff520bcdc9dab67c64e5527
MD5 hash:	5c9cf3c5e19f0afaac55d3c64d498e9a
humanhash:	timing-asparagus-fifteen-fillet
File name:	RFQ COPY_PDF____________________________________.exe
Download:	download sample
File size:	1'756'672 bytes
First seen:	2020-05-12 10:12:02 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	49152:md64Ep6QMP8rOfN42uiuorvNBgNYkw1f2sW44xdk:OnEpYLBvNBgvWf5cW
Threatray	640 similar samples on MalwareBazaar
TLSH	8C85231932AEAD0BD5AD71FDC182121093B8632A6527F7D36EF180E867C63D72285F07
Reporter	James_inthe_box
Tags:	exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

77

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Artemis5C9CF3C5E19F.27319.UNOFFICIAL

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Kryptik

Status:

Malicious

First seen:

2020-05-12 03:00:53 UTC

File Type:

PE (.Net Exe)

Extracted files:

8

AV detection:

23 of 31 (74.19%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=darsceqmcjyimgdwqihjieytpvwdftmk6ttk5zwo7b7ol6rdnnnq._file

Verdict:

malicious

Similar samples:

068380948f9ea72a9f1b3cd0f1c5f7dc1686405f0c7a532c53174b24deffe305

13dd79b77c2ed2ba77d509e2d3b4621e83f7105674353f7e30930e07b099bce5

2222ddfcb76c8c278bbabf1b094e47950023f1319ae484d44dc502b91700db17

5136cc442f7ff2a99cb5c3c64c0419d23a3aba57f7389af3a758615eb8b6d26b

a007c974d0e999a91fb8e3c81489642b608dee675c411d99baf42499c64cc1a8

b46571fd44360c7d8e9771a807c0914f419dc7dc69a43b475b537484a1aa5053

dbdbfa24b62d54b1624dac7d07bd939677342c820867b0d8993f0ab95af3d342

e0cea593cef95fc3438ec707ef6d293c3189c3a3144a389f790cccfaec770759

e666762b026d8017d202c3bf8f6b32d9a13bff5549735a93611e79b3c1a9ff83

fe3dcdbbb57d61e04df490402d1e477ec1a804add945a2287c697b18a2234227

+ 630 additional samples on MalwareBazaar

Result

Malware family:

masslogger

Score:

10/10

Tags:

family:masslogger coreentity rezer0 spyware stealer upx

Link:

https://tria.ge/reports/201109-pd6g1ad7nn/

Behaviour

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Looks up external IP address via web service

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

UPX packed file

rezer0

CoreEntity .NET Packer

MassLogger

MassLogger log file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample