MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c9baeb663cbaff9bf65fd9f54689c33501c7ad31f71d3ccca1f15ee6789f5fac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: c9baeb663cbaff9bf65fd9f54689c33501c7ad31f71d3ccca1f15ee6789f5fac
SHA3-384 hash: 358f2607ff64ee3f915611c2a621b489a05f6c9b9aad61efdeeede01a9ecc9ec49de7fc1a42be4e59d962ebac162c72f
SHA1 hash: e19c07c822b75d7a5c07f46e7cbae7f7793b0c71
MD5 hash: 5b77be057ea3410693cc26ae322c061e
humanhash: burger-romeo-equal-yankee
File name: purchase enquiry.exe
File size: 559'104 bytes
First seen: 2020-05-11 20:44:46 UTC
Last seen: 2020-05-11 21:49:09 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'750 x AgentTesla, 19'653 x Formbook, 12'248 x SnakeKeylogger)
ssdeep: 12288:ufTeSpCZqdUD6L4uzs3Q/vRY6iCSrv1XCBW2WUCklygrRCBBJ9g:ublCGUD6shgHRYXj1W
Threatray: 38 similar samples on MalwareBazaar
TLSH: 7AC4BE8C361D72EFC827C4728ED8AC74EA11746B635B63279023619E99CDD87CF249B1
Reporter: c_APT_ure

Intelligence


File Origin
# of uploads: 2
# of downloads: 75
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-08 05:55:41 UTC
AV detection: 33 of 48 (68.75%)
Threat level: 5/5
Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla keylogger persistence spyware stealer trojan
Behaviour
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments