MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bd72223afa837379fe320c88e0c18d6bffaa463615b4d68c1afbfd3bac4f5f93. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bd72223afa837379fe320c88e0c18d6bffaa463615b4d68c1afbfd3bac4f5f93
SHA3-384 hash: e4ac9bde4a5405e5a5946805b47fe5c49d45161d1b28cc330dc21c2dc3213fbc91555b075ec0d514f2889036f71ee2c8
SHA1 hash: 041a47cfdbc1a73c6418695a64179408487034e8
MD5 hash: 47d7b2a7ff9c35fc3b49bfb8c400f2d5
humanhash: one-mobile-thirteen-arizona
File name:bd72223afa837379fe320c88e0c18d6bffaa463615b4d68c1afbfd3bac4f5f93
Download: download sample
File size:989'696 bytes
First seen:2020-06-03 09:20:42 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 24576:typO8/KaQFpNcfx/7lD70EiP+5ZTFBvZHgua:typVya0pNcJ/uEiG5ZTTZHg
Threatray 463 similar samples on MalwareBazaar
TLSH B525E09C725072EFC857D472DE982CA8FA55787B871F5603A027099EAA4D887CF240F7
Reporter raashidbhatt
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Genkryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 09:55:16 UTC
AV detection:
18 of 31 (58.06%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
0b46380a79a72d6029ee1437d2b2c7c542a33dbba00a73172e8917fa902c035e
100b0b79aaaf948df42bb2b46ad0a6e57c67e2b2a7d91d16c225c24c77f70d2a
2fff208eaaf2f71f4114ed722a48ffb147ebe2db14f241e0506fa8692dc03ab3
4fd457b5e2ff2430dbce5692ba6c47253ade9e105ffb192d01aee29d6ba7c912
70502bb6c9fd88cdce1092f83ef2f6408a039c7b9de5652cd22087159dd8ba28
7f2a8610931a1f5ff9793dcb854ca01aaa6410fb5b4dc287753c558f1b60eee1
8f27118a7a0517e6c4d8b6cd4c4750a5c931bc0629194b331608b7109d7d202f
a643a629e8acc513e9c6d51842fe1775208b64c4e1e20036fa52b7038ecf2c25
e245394d284c52b53c088927f7548cccff63b0bdc36427c1e4f6f66edc3153bd
ed02a2653566d5a67a9b1863d02ed672b1947a6566cc61464f0d7a24ea335074
+ 453 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
family:masslogger coreentity ransomware rezer0 spyware stealer
Link:
https://tria.ge/reports/201109-ljcn4zymv6/
Behaviour
Creates scheduled task(s)
Delays execution with timeout.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
rezer0
CoreEntity .NET Packer
MassLogger
MassLogger log file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments