MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 150f883f1a99dea83e3391920107220fd9794bdaacfb7dc482b44d00e7603023. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


PandaLogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 150f883f1a99dea83e3391920107220fd9794bdaacfb7dc482b44d00e7603023
SHA3-384 hash: 2cfaa02f51d5c41bae1f439b11bf7739b24f28506595108d2acbcbcec0cb55b27e254214d7b2af67845bbfb6990c81cf
SHA1 hash: 0343fee261441fe523b557bdc63a49aa2d8b6fd9
MD5 hash: 8849ec79aac67ee11e47fca7938ccfb5
humanhash: hamper-charlie-three-violet
File name:3MLDad2sFoYnTE9.exe
Download: download sample
Signature PandaLogger
Create hunting rule
File size:782'336 bytes
First seen:2020-11-17 12:00:19 UTC
Last seen:2020-11-19 14:36:12 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'649 x AgentTesla, 19'453 x Formbook, 12'202 x SnakeKeylogger)
ssdeep 12288:QT3GdgptKViqk+ud1/yTGjxWHEdFOaYSYaFcskT8Mt8LFltA/zMclT:QLGdgXKViq+L/y4xyEdFOaYSYaFQ8g88
Threatray 976 similar samples on MalwareBazaar
TLSH F1F47CF6394FA64FC1AA3CB1CD5099042F7CAB13F506E316F89A22B834ED26957049F5
Reporter JAMESWT_WT
Tags:PandaLogger

Intelligence

File Origin
# of uploads :
3
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %AppData% directory
Creating a file in the %temp% directory
Launching a process
Creating a process with a hidden window
Deleting a recently created file
DNS request
Sending a custom TCP request
Using the Windows Management Instrumentation requests
Sending an HTTP GET request
Reading critical registry keys
Enabling the 'hidden' option for files in the %temp% directory
Replacing files
Setting a keyboard event handler
Stealing user critical data
Enabling autorun by creating a file
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/150f883f1a99dea83e3391920107220fd9794bdaacfb7dc482b44d00e7603023/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-11-17 09:04:11 UTC
File Type:
PE (.Net Exe)
Extracted files:
16
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cuhyqpy2thpkqprtsgjacbzcb7mxss62vt5x3recwrgqbz3agarq._file
Verdict:
unknown
Similar samples:
0c057157ad65ebd8e9fc9ace3fcd42d5692f8ba1854107bfb131595417178ebc
PandaLogger
4661da61c0b3120e6e6487dd9b3ebc8a6725608547bfc8bcc9bd9f2e0b777121
PandaLogger
50cb4a77f2df96f675c80dec26c475f843954677b7a44aefc2e4bfa313a4e63d
PandaLogger
91b37fab98fd83d117c89e338310c1e0e4e1496405a6b3dfe6d4852bd85d137a
PandaLogger
98fe679693d1f5a9c43102f6b95c4e85ef347e7e616fba8ec87d7c6b6beab98c
PandaLogger
cbd2c4b5531b924ae824137a1349613686aa8e9599adbfc2c1741b69c3f2ad24
PandaLogger
d41f0d16f59cdbfe25cc61c6659d089223c34216fa3e78e2313d65a254e6f66b
PandaLogger
da4e120e4586c277edfa8a75a76f502a53c60594caee8b0bdf452220c9c61efb
PandaLogger
ea3db8f3bc6a78c6ddfee2668f61f94f7eedb2125c6480fe4af685951a873ded
PandaLogger
ed18bf204914e704fe7d77312b00b654d329666334abaf7bd3af546bad9dc4a6
PandaLogger
+ 966 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence spyware
Link:
https://tria.ge/reports/201117-neejasb65s/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies service
Looks up external IP address via web service
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
150f883f1a99dea83e3391920107220fd9794bdaacfb7dc482b44d00e7603023
MD5 hash:
8849ec79aac67ee11e47fca7938ccfb5
SHA1 hash:
0343fee261441fe523b557bdc63a49aa2d8b6fd9
Link:
https://www.unpac.me/results/f90ce750-9987-43d9-9f8f-8b2b4a7fa864/
SH256 hash:
aeaae8180b30182af9e42aafa0de1a061a1bce10948c8b9de3bd5f8fe2adc601
MD5 hash:
96aa287dcb3c5b06b61881db3aa24cca
SHA1 hash:
793c86490e59527b4be25d86d836184c90a0aba6
Link:
https://www.unpac.me/results/f90ce750-9987-43d9-9f8f-8b2b4a7fa864/
SH256 hash:
cb951f1d2b5460456aad0d89cef1216d9be5e51784d11a92447d43e96177bd5e
MD5 hash:
8cd5d2014866f4ef60802ff1826998a6
SHA1 hash:
8ff75946905d0b117080cc5a07e6e0bbea4e9bbd
Link:
https://www.unpac.me/results/f90ce750-9987-43d9-9f8f-8b2b4a7fa864/
SH256 hash:
f39fd19f8f387cab31f9fc40b034c970b543843a62c8ae7994fcec93098c9470
MD5 hash:
fb4778e9c6949585060b6f0e5a8a942a
SHA1 hash:
efeb66669b92fdc8b53c3777ede3faeb63a60e2c
Link:
https://www.unpac.me/results/f90ce750-9987-43d9-9f8f-8b2b4a7fa864/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

PandaLogger

Executable exe 150f883f1a99dea83e3391920107220fd9794bdaacfb7dc482b44d00e7603023

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/825875/
  
Delivery method
Distributed via web download

Comments