MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fa377574c99698cd65d8897d93e96c287dff271d4838107aeac36e7a843c1053. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	fa377574c99698cd65d8897d93e96c287dff271d4838107aeac36e7a843c1053
SHA3-384 hash:	71f17e80d52e28788c830dca93a6cf7269694fd78c98c0be283fb7dd16c86d65bae53bed29514c2f053e95ca90c48545
SHA1 hash:	8b18f74b9300dc03df7f826e65d424320cd5cd53
MD5 hash:	e06bfb1a6b645d6437051b4ba950a92e
humanhash:	single-lemon-ohio-single
File name:	e06bfb1a6b645d6437051b4ba950a92e.exe
Download:	download sample
File size:	508'416 bytes
First seen:	2020-07-13 06:58:24 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	12288:zLiM3xBB5wV0JGk7rikZZY83Q2EmhpXXXXX3DXXXXXX3XYXXXXXXX3XXX83XXXXW:zJ20GkXiSY836mbXXXXX3DXXXXXX3XYd
Threatray	40 similar samples on MalwareBazaar
TLSH	94B469C82BCF9525EEC845B62E3FAE46213D5843270D927323752F789A3D904EB83567
Reporter	abuse_ch
Tags:	exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

69

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/25065/

Result

Verdict:

Malware

Maliciousness:

Behaviour

DNS request

Using the Windows Management Instrumentation requests

Creating a window

Reading Telegram data

Reading critical registry keys

Sending a TCP request to an infection source

Stealing user critical data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/fa377574c99698cd65d8897d93e96c287dff271d4838107aeac36e7a843c1053/

Threat name:

ByteCode-MSIL.Trojan.Kryptik

Status:

Malicious

First seen:

2020-07-13 07:00:06 UTC

AV detection:

22 of 29 (75.86%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

334fcafceb7ca23de3e995d89957290ca49594c51b01929309213be32072d90c

56f2d6b9b207a2e0f5fc1a59d36376b4cde1ac6ac52e95a9c48c00c02e271516

6a31202250692a5fc5db29563f8b1f9cea0e2b77fe0261df224717644347858f

702221e0753dc7bdae96ab782721c0e3a58d5d51d15f74af56c662f92f120125

7038be512775198abba2218e0999002c5c9e871bbd14557c7c4fb7fcfca21dc7

95024700b58b895f968cf729ddd3df953ff505eae969d0eec91b514bfc88d1ac

95129ce014d0264688c32aaddf7707ec591f6be1335f5cd67b44e9983b61da9b

b7af5ae62cdefa53767c986467d3c41c7f50f52e4c06ea03ce261c778eff269b

c916367a402cc2cbb3506568aa7863a846fe6c2a5cef56599b164e2d829628aa

d3f256429b38edf61af7b34a0a0b888e9fdccafa03b339a08eef7084bcf50ca8

+ 30 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

discovery spyware

Link:

https://tria.ge/reports/200713-qfdyq6fxma/

Behaviour

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Checks for installed software on the system

Checks for installed software on the system

Reads user/profile data of web browsers

Reads user/profile data of web browsers

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe fa377574c99698cd65d8897d93e96c287dff271d4838107aeac36e7a843c1053

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/408186/

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/25065/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample