MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 78f4940fa048d4ac80b908f84bd22916139e220f2695c2be7efac13e39df0204. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 78f4940fa048d4ac80b908f84bd22916139e220f2695c2be7efac13e39df0204
SHA3-384 hash: b390fff287cee7c691d90777dfc75b0f73292716bdca7376b9580c2111d42db827bfb742735e86c0f4d8d2e09998d1a5
SHA1 hash: 56f0c9cd63c97f751d98b61d5768b63f3538ff5c
MD5 hash: c384291931165eda82a0ed25d4c7fa78
humanhash: may-kansas-kansas-nine
File name:SecuriteInfo.com.Trojan.Siggen9.47202.4768.30612
Download: download sample
File size:104'448 bytes
First seen:2020-05-20 11:46:56 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 1536:O0J8EowBdA4Im2lAuWEoL0DzoaymIkatsm+o82DDUbdsy4FxFIz53iB7Qu:TuwBolA/E8qUaymEtjDOCPFiI5D
Threatray 115 similar samples on MalwareBazaar
TLSH 14A39D9423FE1F62D57D8FF815A1601417F2B06BBA95F60DDDD230EB2262F905AA0E13
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.47202.4768.30612.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-20 03:02:57 UTC
File Type:
PE (.Net Exe)
Extracted files:
9
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
04cd4e603ec3e6042cc9d2b04e3e156f829d3fa0cdf76baf978ec0562116c4a7
051b439b1e03b920fd501b80238f05ae19545e0aa253caee060c4f950c05512d
1b80a4ed292739d34f6ac9212f292988eb2cb028f22e68d6f87a2c1d9df12ff8
1baac8b88ecc811192cf8c2a7c170153ad350646265225f0d4a0ac351a1f197a
3a05103dc5564c6bb4216f9057360038d8fb75878d984a142fa4ca00b59dad12
5a07f2f6d957bef6de06f48eb20ce3ac1cbaaf4ea0ec748e95d14f9bbf5d7e28
74b39dfc539ebe9a0adc227f19c18b8aaf418dde00f8188eec6133b6973d847e
93530061a5471c3924101d67487ae9bb3e7bba6417942b2b75186ccbdc7c52bc
bd4f3949e25b42fdee91e6bc2e099486ded43063f6ebde35dc1a5309bdbc9033
eb76c1dafa680fba1a5fa8f93d2e2111fb2fee0604e1ba494934d9d6d74cec2c
+ 105 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
coreentity evasion rezer0 trojan
Link:
https://tria.ge/reports/201109-5j3z4jy2cs/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Windows security modification
rezer0
Contains code to disable Windows Defender
CoreEntity .NET Packer
Modifies Windows Defender Real-time Protection settings
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 78f4940fa048d4ac80b908f84bd22916139e220f2695c2be7efac13e39df0204

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365251/
  
Delivery method
Distributed via web download

Comments