MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 f46eb5d20d51de55a8eb0bcf2c0426a5bdd7305d247dafa9cc5e42c0149a8dd0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 5
| SHA256 hash: | f46eb5d20d51de55a8eb0bcf2c0426a5bdd7305d247dafa9cc5e42c0149a8dd0 |
|---|---|
| SHA3-384 hash: | c9b99cad4d26163024440e5b4c72028687bdeb9c3bc4890dabe3ba1fb93469b59399e43d341646c54806d51cf19ea400 |
| SHA1 hash: | 543468aaf033f518794145a28519e43e2e179a83 |
| MD5 hash: | fb02c227cc8956f2e1be3e82ebaff47d |
| humanhash: | colorado-connecticut-hamper-seventeen |
| File name: | Quotation prices accepted with designs and images.jpg.exe |
| Download: | download sample |
| File size: | 445'952 bytes |
| First seen: | 2020-05-13 10:29:42 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger) |
| ssdeep | 12288:Xceg1TP/YvN8yK3mZSaJRWhpmmBuoxhsgP:seg1zYv6yK3r8RWhpRhsgP |
| Threatray | 1'797 similar samples on MalwareBazaar |
| TLSH | 5094121EB769437FEBEA16F9B112970297F1C4356684E7E84CD140EA96EA3C217318C3 |
| Reporter |  abuse_ch |
| Tags: | exe Yahoo |
abuse_ch
Malspam distributing unidentified malware:HELO: sonic317-21.consmr.mail.gq1.yahoo.com
Sending IP: 98.137.66.147
From: Micheal Gauger <onnybekee@protonmail.com>
Reply-To: onnybekee@protonmail.com
Subject: selected requirement
Attachment: Quotation prices accepted with designs and images.jpg.img (contains "Quotation prices accepted with designs and images.jpg.exe")
Intelligence
File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Status:
Malicious
First seen:
2020-05-13 06:22:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
9
AV detection:
23 of 31 (74.19%)
Threat level:
2/5
Detection(s):
Suspicious file
Verdict:
malicious
Similar samples:
+ 1'787 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Score:
10/10
Tags:
family:agenttesla coreentity keylogger persistence rezer0 spyware stealer trojan
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla Payload
rezer0
AgentTesla
CoreEntity .NET Packer
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
exe f46eb5d20d51de55a8eb0bcf2c0426a5bdd7305d247dafa9cc5e42c0149a8dd0
(this sample)
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.