MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e087171c275e0a210d76081dedc62fbf6319f3a76415d1316fc17d81c1e8753b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e087171c275e0a210d76081dedc62fbf6319f3a76415d1316fc17d81c1e8753b
SHA3-384 hash: cf7f41fcc0f3fa4d5787aecd0f9d013345b3d2de459b5e956bfe61d4a699d175d0650c273522851178a49f6d6c816f33
SHA1 hash: 7c3501390231e7d95d31a8affca7d5b559ad91a7
MD5 hash: 714b5c263ea05de8abaa6c98f77211d9
humanhash: emma-stream-salami-double
File name:Our New Order dated.......exe
Download: download sample
Signature MassLogger
Create hunting rule
File size:272'688 bytes
First seen:2020-08-05 11:47:29 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 6144:hRm9cntWZhPBCTPCB0rQIVY1u3ai/iiPqC:vmiI3g5QGq8iiPR
Threatray 10'625 similar samples on MalwareBazaar
TLSH 3444AD2136D61102EB7E4B3207DBCE70373546A3ABB1821D7F2AB734DB109961869D6F
Reporter abuse_ch
Tags:exe MassLogger


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: rogri.ro
Sending IP: 176.9.80.3
From: geanina.alexandru@rogri.ro
Subject: Urgent New Order No. 1557117. Dated.05.08.2020
Attachment: Our New Order No. 1557117. Dated.05.08.2020.img (contains "Our New Order dated.......exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection:
AgentTeslaV2
Create hunting rule
Link:
https://www.capesandbox.com/analysis/39487/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Unauthorized injection to a recently created process
Creating a file
Creating a window
Sending a UDP request
Using the Windows Management Instrumentation requests
Reading critical registry keys
Stealing user critical data
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/411053
Signature
.NET source code contains very large array initializations
.NET source code references suspicious native API functions
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected AgentTesla
Behaviour
Behavior Graph:
Download SVG
Detection:
agenttesla
Create hunting rule
Link:
https://mwdb.cert.pl/sample/e087171c275e0a210d76081dedc62fbf6319f3a76415d1316fc17d81c1e8753b/
Threat name:
ByteCode-MSIL.Spyware.Negasteal
Create hunting rule
Status:
Malicious
First seen:
2020-08-05 11:49:07 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4cdrohbhlyfccdlwbao63rrpx5rrt45hmqk5cmlpyf6ydqpiou5q._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
0a4ac915ba6f8c018081c160cd3bf260b2b96d9d4f9a0505398e2aff62b09318
MassLogger
1e951012c34ea9b3762e742c890933a799c4c487abdc7639abae579eebf50e9e
MassLogger
21d19ba98de8b710605e144809cae73bc3b7606cfc49e995a267cf44e4c2638f
MassLogger
71f37902cad4c188ff274193a76367439dd74a233d4b118b251f56cb4ba46d7a
MassLogger
85f9449b3bf138291017bff513ccc66cdbbb81478098149bf6ddaf44410c235e
MassLogger
8993c6ffa46e5d51e517982dca4e5bb6ba32ed168348c1d4004a41a581282a1f
MassLogger
8eb3933e2012364a81fa9f1003c485c03c6cafd61eefaf1b4059cc8d4a4066a7
MassLogger
9b05b77b3afaacbcbf23eadad8866e55c4d21d007e5107e9f30c0d93b51fd0b4
MassLogger
e3574b9f84ca8cf778a664b60c2d6fde9049c51a384f5fbe49003fe806afd966
MassLogger
f33e536c31c5aa7b5a463c4c9243b4369de785e06648ae076a8822f11797076f
MassLogger
+ 10'615 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
keylogger stealer spyware trojan family:agenttesla
Link:
https://tria.ge/reports/200805-8z9jm1fezx/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetThreadContext
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.10
Link:
https://yomi.yoroi.company/submissions/e087171c275e0a210d76081dedc62fbf6319f3a76415d1316fc17d81c1e8753b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

img bcc12f8e3b23886188da3027bc2954d55ca27280d5db7d8cf9e3d1028d2941a0

MassLogger

Executable exe e087171c275e0a210d76081dedc62fbf6319f3a76415d1316fc17d81c1e8753b

(this sample)

  
Dropped by
MD5 30468faa6799f42e9ca723d4a1489020
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/39487/
  
Dropped by
SHA256 bcc12f8e3b23886188da3027bc2954d55ca27280d5db7d8cf9e3d1028d2941a0

Comments