MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eb105b408d5010f2bb82c8d5960af3303e96e7fd64d7777263d475c351b6d59c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: eb105b408d5010f2bb82c8d5960af3303e96e7fd64d7777263d475c351b6d59c
SHA3-384 hash: 4b8c6b179970628e5197489c70bbe3baacba0e5e90acf9f244d34b05f882b9256587d59ea68aed4459725e8713bd8cc8
SHA1 hash: ad3283571ac149a8427e7f450a71263921bac45b
MD5 hash: 8d196b6f2687b1b6d034cd6d63d2bd37
humanhash: three-lithium-alpha-pip
File name:ReU_R_G_ENT O_R-DER JuneJuly.exe
Download: download sample
File size:839'168 bytes
First seen:2020-05-13 10:16:23 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:PMggIWMHyZ4UXMp5FYlzqh4nRhE2FWc56MuNhlk4i//S+fVZuAR1cL4qApY4LQBa:kggIriluOncuWhMuNhOXuAR247YhV5H+
Threatray 2'172 similar samples on MalwareBazaar
TLSH F0052365B264941FD6AD17B169B1980903F6EE3AF8B3F6CC5D86B4EAC5723D00013AC7
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: cmp.com.ph
Sending IP: 45.11.19.32
From: Cem YÜRÜK <chyap@cmp.com.ph>
Subject: Re: U_R_G_ENT O_R-DER/ June/July Shipment
Attachment: U_R_G_ENT O_R-DER JuneJuly.zip (contains "ReU_R_G_ENT O_R-DER JuneJuly.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Artemis8D196B6F2687.18830.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 05:33:19 UTC
File Type:
PE (.Net Exe)
Extracted files:
9
AV detection:
21 of 31 (67.74%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5mifwqenkaipfo4czdkzmcxtga7jnz75mtlxo4td2r24gunw2woa._file
Verdict:
malicious
Similar samples:
0d930c95086d940a2792b918f6ad9ba0ae3a36db0265e46eb1fe6484627f9648
293abba95362ff2a09dbb81d8cd4bb495da6d919950fec22ffc3880d8134eb49
634c1e8a424853d26eb14bdece599130c1e2687669fad8bdd2a204f76d142bd0
9703a6f7740686187df364a6adb905c49546d8a1b1e491d1a7163686e464ec6b
9a86a7d4ca6381d727287f79cd2f48fb6f6b1d88635f1c3cf00f0bd02236d49e
a67d4aa57cad3a898d742b9e3b48f92abde261fcc0107365582970f1b27f7b10
cb9a05bd15c5b04233a96deffa831bbf148f4bcd612c4cbdb0cdd38fb523364d
eded02bf0afea18ebbcaa7682ad7f3d1215b064cd2a3185f230b87195ef85218
fcb19cd0d0cdc5fd3adfbeb8f368db085eae093d92cf54fdf412f99c2dcbaff5
fcf065630d1e02025c3ffe61405ccf6df1f2bf2ecc375a5122a1fc4ad4a4368e
+ 2'162 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:masslogger coreentity ransomware rezer0 spyware stealer family:agenttesla keylogger trojan
Link:
https://tria.ge/reports/201109-l2gjqrsjja/
Behaviour
Creates scheduled task(s)
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads user/profile data of web browsers
rezer0
AgentTesla Payload
ServiceHost packer
CoreEntity .NET Packer
MassLogger
MassLogger Main Payload
MassLogger log file
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip b6aceabd9ec0ed9e95a65be7e3d4350abbfacc38f32a72e4922b61252bbd6223

Executable exe eb105b408d5010f2bb82c8d5960af3303e96e7fd64d7777263d475c351b6d59c

(this sample)

  
Dropped by
MD5 b91c4ebaf700df2eebfd8ad657f2f9c3
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 b6aceabd9ec0ed9e95a65be7e3d4350abbfacc38f32a72e4922b61252bbd6223

Comments