MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c70f085a5bb6b5589088374114bbd7a7e097ad8dce5343aec499cd7bc070f061. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c70f085a5bb6b5589088374114bbd7a7e097ad8dce5343aec499cd7bc070f061
SHA3-384 hash: f34a2d5f5a0f6b22f281c9d071d679df47419e3a88653f62b5819c48d506063ee9ed9a6bfc4bf33f317dee55d8ddab53
SHA1 hash: 778298b7d67c4b10d6ee0025142cbd2656f80452
MD5 hash: d617629cc616053d970ce78ec2df19ec
humanhash: nevada-pluto-coffee-skylark
File name:SecuriteInfo.com.Trojan.MulDrop12.44210.25533.6581
Download: download sample
File size:91'648 bytes
First seen:2020-06-03 14:35:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 1536:ZuHeH2OitoL0zgVnBjVTYd4Z7e76yeP7z/iT7iEdpKW7u:ZWeH238y0VTg4Zemzu7i8pKwu
Threatray 14 similar samples on MalwareBazaar
TLSH C2939C9437FDA362E4F887F245B2A0001376B5177972E78C0DC222DE8A6AF5146B1F97
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.MulDrop12.44210.25533.6581.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-30 20:21:16 UTC
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Verdict:
unknown
Similar samples:
217bb4b351efd731e57ec953549c757eab0751839f4be4c8a996a5f7a8e571a7
3203c6bd71fce4ce12368d06cff3ea603a0dc1781b18dea6ba364c7604e53d24
5fc23e159d21753ca7140091700214b2c277d0f94e80280b58bbfda43930e7d2
6d2865589e86a2165f639cb417415eb23192d8a06387c5fa4a7eac14795101f6
7294bdc3333d08ac9c2397b3555c0126928c13600b23de09f21841cfee83f55a
90071cffdfe6465b764829a706fe27f1abbb58d719bfcb428b210ae8c939a320
933323c4e7302a4eb50f84483b2ab939f657a35c94cb67aa59979507b0c60486
939b2ae76b674d4fde311eb4374a5f0eaaf3d154a038fdd5febb84bec0734a77
d18ed67b05d0bbd6dfaba77a6053c92674bfef8abc8c7aae7c17f703adc6ea5c
d725785ec3970b75ecb17a7e5ac14d93ce7a54d259dffc74e8222ed8cfb8b6b3
+ 4 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
coreentity evasion rezer0 trojan
Link:
https://tria.ge/reports/201109-xljy37e6ls/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Windows security modification
rezer0
Contains code to disable Windows Defender
CoreEntity .NET Packer
Modifies Windows Defender Real-time Protection settings
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe c70f085a5bb6b5589088374114bbd7a7e097ad8dce5343aec499cd7bc070f061

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/371087/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/376169/

Comments