MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 7c3289cdc59a8cf32feac66069d09c48a930d4665f740968521adaf870172644. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
TroyStealer
Vendor detections: 6
| SHA256 hash: | 7c3289cdc59a8cf32feac66069d09c48a930d4665f740968521adaf870172644 |
|---|---|
| SHA3-384 hash: | 964d6da3a284a4043c1ac511bee721574a61ebf4fcb9823d4cee249c192662c726c71952d330e8b8dafd72b4aed30ec0 |
| SHA1 hash: | c76a9fb1a2ae927bf9c950338be5b391fed29cd7 |
| MD5 hash: | dab6194f16cefdb400e3fb6c11a76861 |
| humanhash: | colorado-autumn-idaho-kansas |
| File name: | FA.202005.0069771.DOC.exe |
| Download: | download sample |
| Signature | TroyStealer |
| File size: | 324'608 bytes |
| First seen: | 2020-06-12 09:10:04 UTC |
| Last seen: | 2020-06-12 09:44:48 UTC |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger) |
| ssdeep | 6144:xI7l/9mLNL0kaEFMeabTZbIDqsBkAXtcgMdRU+gBOoDY:xuu3e5shjc9EJOo |
| Threatray | 60 similar samples on MalwareBazaar |
| TLSH | 0264BE9177955B33CE284FF695313AA553B5914A4C85E72E2CC9B0EB2CC13029FC2E9B |
| Reporter |  abuse_ch |
| Tags: | exe geo PRT TroyStealer |
abuse_ch
Malspam distributing TroyStealer:HELO: miranda.wv.pt
Sending IP: 195.22.19.123
From: domingos.borges@feppv.pt
Subject: Pagamento Recusado
Attachment: FA.202005.0069771.DOC.img (contains "FA.202005.0069771.DOC.exe")
TroyStealer SMTP exfil server:
TroyStealer SMTP exfil email address:
domionhuby@gmail.com
Intelligence
File Origin
# of uploads :
2
# of downloads :
125
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Ispy
Detection(s):
Result
Threat name:
Unknown
Detection:
malicious
Classification:
phis.spyw.evad
Score:
68 / 100
Behaviour
Behavior Graph:
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Status:
Malicious
First seen:
2020-06-12 09:11:05 UTC
File Type:
PE (.Net Exe)
Extracted files:
4
AV detection:
27 of 31 (87.10%)
Threat level:
5/5
Detection(s):
Malicious file
Verdict:
malicious
Similar samples:
+ 50 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
10/10
Tags:
spyware
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.