MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f3eb876bdd52d2f6fb8a8dfe28fcff50129a1fd88f76b3e99c500357c36ff862. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f3eb876bdd52d2f6fb8a8dfe28fcff50129a1fd88f76b3e99c500357c36ff862
SHA3-384 hash: e141104dbd66be5847fccd1e55f8cf0a71dd989400be7a9a314f6ebc03ca0c59cc48ef64b7fb34656cdded7e8d5ee8fa
SHA1 hash: 5842ebc42f690da2a2e343f0f9f1af0007c49ce5
MD5 hash: 4b3cec4aaf6625c5ade4c14af160eeca
humanhash: hotel-lima-vermont-pennsylvania
File name:SecuriteInfo.com.Trojan.Inject3.39524.22027.11591
Download: download sample
File size:155'648 bytes
First seen:2020-05-05 01:44:53 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 3072:fE685xKaYwYGTfwsBkXUV4uZhgG7aivZpbVIn9+O:B8rJ5YGjpCUaah6ix9VKT
Threatray 398 similar samples on MalwareBazaar
TLSH 8AE339286AF8CD37CAEE46F5FC44500453B0C2E69D41F789D9A174788C47B666AC3A4F
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Inject3.39524.22027.11591.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-04 19:26:21 UTC
File Type:
PE (.Net Exe)
Extracted files:
4
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0598b4ce2460676755245bad49490a9c94ae85a074c2242adfa65c52b0ad3796
20edc5b15578c2714fd64a6577a5bd1fbbb13434dc2e900e3b7c568537206050
67669c698454edaee7a64ddeb26eea619e2946939a4d71b5299b9fef7c4252a1
82d3edc9ad7ba25feca5ef08641b0f030d92faa5dec17f3148e062b727a0240c
895225b53f54d122a60d52a692acfe09a4fb64fbc2bea01746d2ec3f12e3a564
a563a898ce1c8dcac374ef8a468e39a185ca3b010f1a41b60731a7beac23f846
e20afb0d09a4e47be30404425e599d42071b310c01f0d9674567a4f3e284b62c
e2d6119bb484c9e5f5a7107b4687553416208badbb881df4328bec5146d08509
f57374520bfbf5f5afbbfe8c8cf762f95e05cf050fe959d731d49b77f4776cba
ff350e4c35228fa75a4d170ed64610f657da14ef47d51c6417af50e861d06e34
+ 388 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
rezer0 evasion trojan
Link:
https://tria.ge/reports/201109-5af7fhq4m6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Kills process with taskkill
Suspicious use of SetThreadContext
Executes dropped EXE
rezer0
Contains code to disable Windows Defender
Modifies Windows Defender Real-time Protection settings
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe f3eb876bdd52d2f6fb8a8dfe28fcff50129a1fd88f76b3e99c500357c36ff862

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/357899/
  
Delivery method
Distributed via web download

Comments