MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c77b479ead371d060f45186dc10d6bb2c9d32aac0275de27fab94b2f65a54500. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	c77b479ead371d060f45186dc10d6bb2c9d32aac0275de27fab94b2f65a54500
SHA3-384 hash:	8fdfd7edf2a3fcd6bb7ab5f3cefec399b263ec574532ef20b41234075ee038e7f6e22af949a4472e878d7f086f1e240e
SHA1 hash:	bca1cf7d10b095100273065d9e59fd1107afd353
MD5 hash:	e6f2ef791f0ec1869a975fa14248e8a1
humanhash:	two-colorado-batman-ohio
File name:	NEW ORDER .exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	726'528 bytes
First seen:	2020-05-15 13:57:33 UTC
Last seen:	2020-05-15 17:58:06 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	12288:xC9HsfKgpwVhhQ86MdrMfpNkHQ1az8haIineyg0FZyS40UT/oSCrRG52DMtxrhge:+HsTAw860E/kHdhheyjyS5UrHCo5nhKe
Threatray	1'959 similar samples on MalwareBazaar
TLSH	B3F42350936C91BFCEDD27BD4836B14093B05DA3A201D7093D6E698E4DBF7AD69003AB
Reporter	James_inthe_box
Tags:	AgentTesla exe

Intelligence

File Origin

# of uploads :

2

# of downloads :

90

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Grp

Status:

Malicious

First seen:

2020-05-15 02:04:20 UTC

File Type:

PE (.Net Exe)

Extracted files:

2

AV detection:

26 of 31 (83.87%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=y55uphvng4oqmd2fdbw4cdllwle5gkvmaj254j72xffs6znfiuaa._file

Verdict:

malicious

Similar samples:

00c63f44b1367e22d7d7887651bbee0ff02e40891480bb0b88d3ae636b912ece

0b4d001811a23c80e46ea16c0da379ca1ba36db182ff9f1a4d8ca0b61b992d03

172c74e8e96c4890d099911ab0781d1e2c067f7379ce99d6389943fc36947afb

3a66b84fad0de0a2ce0fd2d36242b338cdf621d442f1b2ef12a07c7f97371791

43d9cf724e29e3ebfa8343e50e9e08ae89ebacea0bacdcde4d7c8d827ed51570

9294a8ea74f411cd80db8d5b32d098e98baf1d035a64e85bca26508014ab3371

a7b1a7fff061e31af64a38658b4f8de3a537a2b35f3d753f7a8341b68e7a7bae

d256dcd3fe9558c5d88fe07815714892f11806577d6bc5ec726124a60678c89f

e9eb4d205fad12909fcee34a44bceec578b13b8dd5c887b116d2f3c9c4818f66

eb241442be478aaf79ad13d352ed730a2d442b9dbafd5c962a5442a6b9f82a0b

+ 1'949 additional samples on MalwareBazaar

Result

Malware family:

masslogger

Score:

10/10

Tags:

family:masslogger ransomware rezer0 spyware stealer

Link:

https://tria.ge/reports/201109-zh3ssdxj3a/

Behaviour

Creates scheduled task(s)

Delays execution with timeout.exe

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Looks up external IP address via web service

Checks computer location settings

Loads dropped DLL

Executes dropped EXE

rezer0

MassLogger

MassLogger log file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample