MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3d379eee65882271295835328b7de823506975f6bce91735577a759ceff14f11. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3d379eee65882271295835328b7de823506975f6bce91735577a759ceff14f11
SHA3-384 hash: 6acc1f7fb524740fbb94e371b5d5ee3679cced1d741bafa93ffb4b0eb408c2538205041e39078e137dfbbbe87f5dbd60
SHA1 hash: b814526f2dd66fde7a7cb5e84a232b0932645721
MD5 hash: 1af70802072033e3778c0457cf056566
humanhash: shade-football-sodium-mars
File name:SecuriteInfo.com.Trojan.MulDrop12.15751.23705.22378
Download: download sample
File size:1'026'048 bytes
First seen:2020-05-09 15:59:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:AQ/hLXFqwumQHagIxYylKDfVnrqGPXW7VtV7NYAoaZFjGEQmRkV7nJeoxbC3k6Rn:AQVXFaz9ItlKJrqdtVWAo24EQmRul1M
Threatray 448 similar samples on MalwareBazaar
TLSH C225CFAD3254B99FC817CD7AC9582C60EA60746B5B0BD203A51319E9AA0DFD7CF042F7
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.MulDrop12.15751.23705.22378.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-05-09 01:13:06 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
28 of 31 (90.32%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hu3z53tfrarhckkyguziw7pienigs5pwxturonkxpj2zz37rj4iq._file
Verdict:
malicious
Similar samples:
2120cc9b71de9e66d9450987334dbf4543968a758162c131ca598a60b86f22ce
2f7025f2fb26ba4c9721c32e2d27cc7a391b04fded90b6aa788a973cedeadd81
47799b4853ffa2cb541f153f0b50fc335324a5964e04093a8316d4a62eacc8f1
5c826e35fe48ce5410e9c553242a83e71b2408a57d3256bcd0bd4334412010b0
8a3dd3eb355760a77c7bd89e2316c7741e37f9b20435a23d144e58ba856bd7c7
94581916a6f0f8c4c0e9238fb1ec9ee8f44035e750f7a41115e68ebe526e6ee4
9c5b8535e2ac554768c5cfc3d655a3aed7647fe2280e66161a516296eb5a5918
ae827e126c9f242564090fd5cb50ab392d61eae0f8dc1d43654bcb16aeeadc2e
c16e569fe7d77436566b268fab7037ab71efb99a5108aa452602479267508305
cb8c9572b8c0299b05a17084ae5dd93d0aea243138bfd03eaafaee950390724d
+ 438 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
family:masslogger coreentity rezer0 spyware stealer
Link:
https://tria.ge/reports/201109-se25zpvpj2/
Behaviour
Creates scheduled task(s)
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetThreadContext
Looks up external IP address via web service
Checks computer location settings
Reads user/profile data of web browsers
rezer0
CoreEntity .NET Packer
MassLogger
MassLogger Main Payload
MassLogger log file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments