MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 96fddf8ed5ba87a03b03c5e0387ab1f3ef44df00ce11d0761a108d6407472c86. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 96fddf8ed5ba87a03b03c5e0387ab1f3ef44df00ce11d0761a108d6407472c86
SHA3-384 hash: 9668bf191714388369bfc38e7dd054d24bf6aaa46ab57ebf4e0090e01ab2740bfd40646da9764f0a845357392085e58a
SHA1 hash: 11ce185684c80f65946c9f36029725fa48b56058
MD5 hash: 58d90785308067dbb5b317014a3d3b41
humanhash: king-butter-august-arkansas
File name: shipment document pdf.exe
File size: 844'800 bytes
First seen: 2020-05-25 10:55:35 UTC
Last seen: 2020-05-25 11:47:38 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep: 12288:bx4MBXRSKxCe/AVQjEHWZUL8BGmlFsn3TrdeIZ4p9cN+lEs5o:3Sve/UzWiL879De
Threatray: 495 similar samples on MalwareBazaar
TLSH: DE05234132BC17AFEABD97F508406D412BF1776E1123E64CEDCBA0E85983F91499AE07
Reporter: jarumlus

Intelligence


File Origin
# of uploads: 2
# of downloads: 68
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-25 11:35:27 UTC
File Type: PE (.Net Exe)
Extracted files: 8
AV detection: 25 of 31 (80.65%)
Threat level: 2/5

Result
Malware family: masslogger
Score: 10/10
Tags: coreentity rezer0 family:masslogger spyware stealer
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Deletes itself
rezer0
CoreEntity .NET Packer
MassLogger
MassLogger Main Payload
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Executable exe 96fddf8ed5ba87a03b03c5e0387ab1f3ef44df00ce11d0761a108d6407472c86 (this sample)
Delivery method: Distributed via e-mail attachment
