MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ed02a2653566d5a67a9b1863d02ed672b1947a6566cc61464f0d7a24ea335074. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ed02a2653566d5a67a9b1863d02ed672b1947a6566cc61464f0d7a24ea335074
SHA3-384 hash: 55e4809453981eb3d454898f79d26c12021543f30ac1aa0a2559354e1b8f42a0b9df1f520f6d65285164202d17819e58
SHA1 hash: 80501d41dd3453e76f335b540a3352165d2f3ffc
MD5 hash: 477dbc7864513238de5b49b63db51e60
humanhash: arizona-saturn-quiet-triple
File name:Product Requirement.exe
Download: download sample
File size:1'354'240 bytes
First seen:2020-06-02 07:46:03 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'600 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 12288:yaUDdo6VEt6KYyfbBk2hp0kQmuWzYk2Xrci0IPgIO39WxmgBoPkwkGXVmL:8a6NmfygfQm9cdciHI6mgKPIL
Threatray 487 similar samples on MalwareBazaar
TLSH 6B556B3638D26928C13946774079AAC0A2F267463663DF2EF0AB535B9E0336F77520DD
Reporter jarumlus

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 05:18:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
17 of 31 (54.84%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5ubkezjvm3k2m6u3dbr5alwwokyzi6tfm3ggcrspbv5cj2rtkb2a._file
Verdict:
malicious
Similar samples:
100b0b79aaaf948df42bb2b46ad0a6e57c67e2b2a7d91d16c225c24c77f70d2a
2fff208eaaf2f71f4114ed722a48ffb147ebe2db14f241e0506fa8692dc03ab3
4fd457b5e2ff2430dbce5692ba6c47253ade9e105ffb192d01aee29d6ba7c912
64a0f19845c2724ec1e75467da1f1cab42ef3a78914171af40a0c4c8f798a9fd
70502bb6c9fd88cdce1092f83ef2f6408a039c7b9de5652cd22087159dd8ba28
ac3f17465c64d5add698c45aae799dc9d0f7232959c0844e4e6c722c036379c8
bd72223afa837379fe320c88e0c18d6bffaa463615b4d68c1afbfd3bac4f5f93
d871694564319f19892ade1b3e34486883d95b384b1f07185bd572777303fea5
e245394d284c52b53c088927f7548cccff63b0bdc36427c1e4f6f66edc3153bd
fa5b514cc6250b204d8c46ee8212b6db4e1c273904b9df51993b5dba4b07d865
+ 477 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
family:masslogger agilenet persistence ransomware spyware stealer
Link:
https://tria.ge/reports/201109-djdf5nw87n/
Behaviour
Creates scheduled task(s)
Delays execution with timeout.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Looks up external IP address via web service
Checks computer location settings
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Executes dropped EXE
MassLogger
MassLogger log file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 557eb2fb58b6f85f4267282256f0f2d57e9f71fcb30ffb4bdea5dfb7f1c2ffc3

Executable exe ed02a2653566d5a67a9b1863d02ed672b1947a6566cc61464f0d7a24ea335074

(this sample)

  
Dropped by
MD5 4b5d789825f58cad5127c98c0ae2e919
  
Dropped by
SHA256 557eb2fb58b6f85f4267282256f0f2d57e9f71fcb30ffb4bdea5dfb7f1c2ffc3
  
Delivery method
Distributed via e-mail attachment

Comments