MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8f858c848126817f7e1f30926ac65a73d2a3c13dca24b34e9567be04f0d8f4fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8f858c848126817f7e1f30926ac65a73d2a3c13dca24b34e9567be04f0d8f4fe
SHA3-384 hash: 25f6081b32e64f29d181708e5511072a68f557b10cb1f49ee0091e52b8cfcf3d335138d1018d1c5140b72787f5e6355f
SHA1 hash: 4a31be4d4a4c4d52c9df13845838829a72f88ef1
MD5 hash: 5587dacfbc0542d05d56dc568eaf6b51
humanhash: hawaii-fish-north-jig
File name:SecuriteInfo.com.MSIL.GenKryptik.EKNL.10961
Download: download sample
File size:147'456 bytes
First seen:2020-05-14 09:37:40 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'609 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 1536:xn6dHd5qntMFkqHAlo77W7pQ+MjvxuF1FhrZyLlO03E9f5xuoT0ZIBbCi+cwzUkq:ceuFkqZOtMohMo0NoIZIBbCi+cwzUZj
TLSH 98E3A5BC312476EFC85BC57ADAA82C64AA603477531B9207905355EDAE0DAD3CF284F3
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.GenKryptik.EKNL.10961.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-14 01:35:33 UTC
File Type:
PE (.Net Exe)
AV detection:
26 of 31 (83.87%)
Threat level:
  2/5
Verdict:
unknown
Result
Malware family:
n/a
Score:
  10/10
Tags:
coreentity evasion rezer0 trojan
Link:
https://tria.ge/reports/201109-rqp7ja1d46/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Windows security modification
rezer0
Contains code to disable Windows Defender
CoreEntity .NET Packer
Modifies Windows Defender Real-time Protection settings
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 8f858c848126817f7e1f30926ac65a73d2a3c13dca24b34e9567be04f0d8f4fe

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/362547/
  
Delivery method
Distributed via web download

Comments