MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 154df0e5a18c811df58c1fab786001c5aa9d3a80640793578759a15a34597acb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 6
| SHA256 hash: | 154df0e5a18c811df58c1fab786001c5aa9d3a80640793578759a15a34597acb |
|---|---|
| SHA3-384 hash: | fbe4b17b26d72695dd4912d37e847ebf5c774e67fb3877d8c3b90882500561969780b5aa63ed863d964b270eba0c586c |
| SHA1 hash: | 49f11fad9a2522f198fa4cbe2df89171781177d3 |
| MD5 hash: | 77df4a375a27bfecc3c44317eff75bdc |
| humanhash: | yankee-bakerloo-colorado-wolfram |
| File name: | Slaking.exe |
| Download: | download sample |
| File size: | 35'840 bytes |
| First seen: | 2020-11-19 10:09:03 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger) |
| ssdeep | 384:NhplNeVKwgfmiZDr+60IGy+AF72V2cVOLQi0Cs1+NJYtGRNi7RRPHPG:NHfeVKwgD+60RyR72tULQi0f+Nd0u |
| Threatray | 224 similar samples on MalwareBazaar |
| TLSH | 5EF20C3B2A57F227DED52AF58853A3404128EF485423C25B2D78F95D3932143EEAE39D |
| Reporter |  JoulK |
| Tags: | exe Redline |
Intelligence
File Origin
# of uploads :
1
# of downloads :
142
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:
Behaviour
DNS request
Launching a process
Creating a file
Sending a UDP request
Sending a TCP request to an infection source
Connection attempt to an infection source
Unauthorized injection to a system process
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
RedLine
Detection:
malicious
Classification:
troj.spyw.evad
Score:
76 / 100
Signature
Allocates memory in foreign processes
Binary contains a suspicious time stamp
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Multi AV Scanner detection for submitted file
Writes to foreign memory regions
Yara detected RedLine Stealer
Behaviour
Behavior Graph:
Threat name:
ByteCode-MSIL.Trojan.Malrep
Status:
Suspicious
First seen:
2020-10-31 04:55:58 UTC
AV detection:
31 of 48 (64.58%)
Threat level:
5/5
Verdict:
unknown
Similar samples:
+ 214 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Score:
10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Behaviour
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
AgentTesla Payload
AgentTesla
Unpacked files
SH256 hash:
154df0e5a18c811df58c1fab786001c5aa9d3a80640793578759a15a34597acb
MD5 hash:
77df4a375a27bfecc3c44317eff75bdc
SHA1 hash:
49f11fad9a2522f198fa4cbe2df89171781177d3
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Delivery method
Distributed via e-mail link
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.