MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 26b08735f4b20bf7a5d6da035ca5dc6b1d3f8685d83397a876cc4db946adc778. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: 26b08735f4b20bf7a5d6da035ca5dc6b1d3f8685d83397a876cc4db946adc778
SHA3-384 hash: 23c48ff365b21e62cf1eebf4f5b8e8c1486b951ff3b667a53479b7fb0ee762a302eaf4be8433284232d4d5a4bebf382a
SHA1 hash: 0d6e50710ba223d8a65ee7773533de44eac17912
MD5 hash: b9ed1f32c7fb1c7fdf34addf20719a50
humanhash: north-two-william-bravo
File name: chkyy2
File size: 1'173'999 bytes
First seen: 2023-08-09 09:17:38 UTC
Last seen: 2023-08-09 10:01:10 UTC
File type: PowerShell (PS) ps1
MIME type: text/plain
ssdeep: 12288:y6bmO7zyyH+3NR/04xiNV4mC6k7aMRRIZpSPDKcDaTE1JJr:y
TLSH: T1DF45A189835A06F4BFDE7F844AB0A89B9C10A51674FC789DEECC1F089C6A4BC47505DB
Reporter: JAMESWT_WT
Tags: AgentTesla ftp-mgcpakistan-com ps1

Intelligence


File Origin
# of uploads: 2
# of downloads: 156
Origin country: IT
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Result
Threat name: n/a
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature: Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Behavior Graph ID: 1288744
Sample: chkyy2.ps1
Startdate: 09/08/2023
Architecture: WINDOWS
Score: 48
Signature: Multi AV Scanner detection for submitted file
Processes: powershell.exe started; conhost.exe started by powershell.exe
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
PowerShell (PS) ps1 26b08735f4b20bf7a5d6da035ca5dc6b1d3f8685d83397a876cc4db946adc778 (this sample)
Delivery method: Distributed via web download
