MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cb8c9572b8c0299b05a17084ae5dd93d0aea243138bfd03eaafaee950390724d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	cb8c9572b8c0299b05a17084ae5dd93d0aea243138bfd03eaafaee950390724d
SHA3-384 hash:	dbd61f5f6c8c6b2fd36d69956439e2f9fbe8897de51373b1e2cfc64a02e911c83baacae19191f588ab920ea22b89aef5
SHA1 hash:	eb1cb151ada6e83cc1b0eb4810e102a7ddb36b71
MD5 hash:	5d5c633ac8d2c2ce88b18a081ee81bda
humanhash:	jig-five-nineteen-may
File name:	Revised P.O 8400383.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	960'512 bytes
First seen:	2020-05-11 13:25:46 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	24576:4iqfCOk3cwaX0ilH0jzVHjQNngztwd8YiZWOTE7lRKERMbR02PXpbWuwtutVp:4VYzVHjPbYoEUKC8uwtK
Threatray	551 similar samples on MalwareBazaar
TLSH	CE15D00231ED5BA9ECFD87F95A5C90D1C7A3F8AEA550E29D2CD254CA01D1F40E825F2B
Reporter	jarumlus
Tags:	AgentTesla

Intelligence

File Origin

# of uploads :

1

# of downloads :

84

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.KillProc2.10384.29844.14414.UNOFFICIAL

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Kryptik

Status:

Malicious

First seen:

2020-05-11 09:31:00 UTC

File Type:

PE (.Net Exe)

Extracted files:

8

AV detection:

27 of 31 (87.10%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=zogjk4vyyauzwbnbocck4xozhufoujbrhc75apvk7lxjka4qojgq._file

Verdict:

malicious

Similar samples:

0fabbaf7f8ad7af3888aa77b2e376db74390064ea8eea0c54fee59fdc2cd54c8

48bef4e5d2768c5ccbbc84d922a276484ce75ed236a72441b5148d7a541a52e3

4e00227920cf24a54644e3d72cf89d01900d591d138eec8dc9eb9682bdac788b

8c04fcdf35613586ea0643b716c769d7ee4a88af77887ef92d908097adbd6fc4

8eeca9884be4d017c4c5cf62fd5b080efd5cf3e9c85d70c518ae31d796713110

9fb0d4a6cb16d10fc8c584647a21530ec375abf85b5a48d7d7578ebe6dc36f27

ade559fead2fb46603d4e1ee25ba703f093107ad8ac2a643ffd7bb7614459205

ca8bee78548af15a74451cdf1b85cd25033cd76d340f974d98b315f2d4cc7110

e643abc845abbeff62e11e9b5e3ca4c3367a3aad01d5d4733c34c965cad9dc0c

f1102765bde9d2485559822259bb55539749ae15cbe3378bfc4146586900fba8

+ 541 additional samples on MalwareBazaar

Result

Malware family:

masslogger

Score:

10/10

Tags:

family:masslogger coreentity rezer0 spyware stealer

Link:

https://tria.ge/reports/201109-4xcjewy3zs/

Behaviour

Creates scheduled task(s)

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Looks up external IP address via web service

Reads user/profile data of web browsers

rezer0

CoreEntity .NET Packer

MassLogger

MassLogger Main Payload

MassLogger log file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip a5e92837868c1df0ee2223d7b8cc47c4afa812f4032ea0a768debdb2cd9132b7

exe cb8c9572b8c0299b05a17084ae5dd93d0aea243138bfd03eaafaee950390724d

(this sample)

Dropped by

MD5 e53285e8bc60d2aaa86c248003752841

Dropped by

SHA256 a5e92837868c1df0ee2223d7b8cc47c4afa812f4032ea0a768debdb2cd9132b7

Delivery method

Distributed via e-mail attachment

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample