MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a925fc1289573f01bb86482e38340f0fe431269aa7500d776713c71091c49142. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a925fc1289573f01bb86482e38340f0fe431269aa7500d776713c71091c49142
SHA3-384 hash: 7456aba96a36fc297b434ea1f91fa764c4f3df11d7f298df6aa568f2323fc594feb391dbcde59f4255a084e5ec0bf348
SHA1 hash: c518747935e16bfa8b7e8bedb38fc37d7afa386d
MD5 hash: 9618523352c980cc2fdb2533e16d7b08
humanhash: mango-grey-two-charlie
File name:RezoBuild.bin
Download: download sample
File size:103'424 bytes
First seen:2020-06-29 10:59:35 UTC
Last seen:2020-06-29 12:01:23 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 1536:8uxpMqqU+NV2I8ShQEBpFiAVMS4O8gOkfDiGyIUt39p3VbWL8:8iMqqDLn8SuUKIMS42fDiGyIW9dVo8
Threatray 62 similar samples on MalwareBazaar
TLSH D6A33A08BBFC0B16E2FE8BB8947541A84771F167ED52D38E0CC558A91E327948916FB3
Reporter JAMESWT_WT
Tags:RezoStealer

Intelligence

File Origin
# of uploads :
2
# of downloads :
157
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/16189/
Detection(s):
SecuriteInfo.com.Win32.Hedo.480.17703.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a925fc1289573f01bb86482e38340f0fe431269aa7500d776713c71091c49142/
Threat name:
ByteCode-MSIL.Trojan.DataStealer
Create hunting rule
Status:
Malicious
First seen:
2020-06-29 11:01:03 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
1681aa9c53703a91a8feb2296051bffc02763c1663e8e50113d51c4b7cb37378
262e75b938cc8b65820cf4015f33ab3db363eb7a968c23bdd48e7a680d97a9f7
5c164b47abfcecfc8f75d220cffbe8a9de97cf956154783aae6d885c180c1e8d
62824d9a353a539053724252d3710008e5894f3580fec8449ec38b7828e7b389
8a6b671ef4fc65efa1bd306da35f4bf2a18814d1ecf0f868ff2f27177fb37809
a7116dc8a8296b97287b628c8cc8cc5fd834557d6d0fc29d5944fd1e4a30b8a3
a75040c1f0f11bf9629774525960c9cf35153727e1191057b575fb3c1ed0700a
aa30299c8266809acb727ef5ec89a80f0cdbcc848550607743f256438f00e398
bfb194c2020359da5169cc6eb2664551e61ccbe7c67af375c7c7c5c8f2b84bc9
d51861bee7da084197de80b44da801303efb75d19d27bad917eac7dd6036cb71
+ 52 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware
Link:
https://tria.ge/reports/200629-2483g6fqfa/
Behaviour
Reads user/profile data of web browsers
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
X
https://twitter.com/3xp0rtblog/status/1277555598951952384?s=20
Cape
Cape
https://www.capesandbox.com/analysis/16189/

Comments