MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f440c2cc4fc3168c939310c4e90b80d980a4a0d6a42f0596d2676461b02d11e2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MistStealer

Vendor detections: 4



SHA256 hash: f440c2cc4fc3168c939310c4e90b80d980a4a0d6a42f0596d2676461b02d11e2
SHA3-384 hash: c366d72a6281e5d719d9e1e8d35245ef684cbcc21d6889e0718ec76c83887938170c51714af0d671fdf843c00e1075d0
SHA1 hash: c5a7098f15174be421498cede6c8df8819e98540
MD5 hash: 51083ffcc13fc386b68eaa8117f48a55
humanhash: paris-kansas-florida-thirteen
File name: Mist.Buld.exe
Signature: MistStealer
File size: 400'384 bytes
First seen: 2020-06-11 22:41:46 UTC
Last seen: 2020-06-11 23:38:35 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'859 x AgentTesla, 19'789 x Formbook, 12'305 x SnakeKeylogger)
ssdeep: 12288:ol6wV5sKv6usk4ST0NLblvs5XrEeUvT4v:olN0JSTqbi5Xo7u
TLSH: 2D842324DA8EA233D2CE65FC0AFF47C05EBA6432F681F75B64493924A15527C1D5232F
Reporter: James_inthe_box
Tags: exe MistStealer

Intelligence

File Origin
# of uploads: 2
# of downloads: 83
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-11 22:41:31 UTC
File Type: PE (.Net Exe)
Extracted files: 1
AV detection: 27 of 31 (87.10%)
Threat level: 5/5
Verdict: malicious
Result
Malware family: echelon
Score: 10/10
Tags: family:agenttesla family:echelon discovery keylogger spyware stealer trojan
Behaviour
Creates scheduled task(s)
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Looks up external IP address via web service
Checks installed software on the system
Reads user/profile data of web browsers
Executes dropped EXE
AgentTesla Payload
Echelon log file
AgentTesla
Echelon
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other

Comments