MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 40c604bb72f83a0f4ad24fce83aa25332610b2158c7a837dbd89778b4e48c067. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


TroyStealer


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 40c604bb72f83a0f4ad24fce83aa25332610b2158c7a837dbd89778b4e48c067
SHA3-384 hash: 3770e6e71a8f10b877f814343f70575db2cf4483d044c51a47b817eeb2464841019b51fdfee0a5aeb182ad2ed5810976
SHA1 hash: 954ac8cee5de50e6bbdb916a12e75ce37c3aacce
MD5 hash: 613fa72af5c76cebc54c11d78e03e961
humanhash: massachusetts-chicken-network-jersey
File name:COVID-19994872372631.exe
Download: download sample
Signature TroyStealer
Create hunting rule
File size:217'600 bytes
First seen:2020-06-05 10:28:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 3072:h6pmaORgkJEVuScagFap4D597mhjwEK5ekB3+2Q3n5unKdjSlbH6IpiZVV0Stojx:Ag5JE7canutAeej2KyrH9IVV0S624sS
TLSH 0324F155DAAA1B26F2B44BFF057591AC43F2A64A1010C34E7DD231EF2972B1B4781F2B
Reporter abuse_ch
Tags:COVID-19 exe TroyStealer


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: psm91.troy
Sending IP: 2.56.8.190
From: Rosa Caudevilla <facturacion@tesslibrenta.com>
Subject: COVID-19 ORDEN
Attachment: COVID-19994872372631.UUE (contains "COVID-19994872372631.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.NetWired
Create hunting rule
Status:
Malicious
First seen:
2020-06-05 10:36:00 UTC
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=iddajo3s7a5a6swsj7hihkrfgmtbbmqvrr5ig7n5rf3ywtsiybtq._file
Verdict:
unknown
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence spyware
Link:
https://tria.ge/reports/201109-z1zhal6m9e/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Reads user/profile data of web browsers
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

TroyStealer

uue 766503416e92ce7a115a1ce14154313025c7a8405b7aa2d5c35cac4a4c50bc56

TroyStealer

Executable exe 40c604bb72f83a0f4ad24fce83aa25332610b2158c7a837dbd89778b4e48c067

(this sample)

  
Dropped by
MD5 76856be8ba3d2c95925e6acdaf49a615
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 766503416e92ce7a115a1ce14154313025c7a8405b7aa2d5c35cac4a4c50bc56

Comments