MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8dafff3eb70fce71d878729b833f9b540877db8074c04f4c3c16abc7e37b65d4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8dafff3eb70fce71d878729b833f9b540877db8074c04f4c3c16abc7e37b65d4
SHA3-384 hash: a3cda7fcc1b3a00a7289f8f4a4401436936e41123d5c98b5967189ea79b45403f7f3f40e14c730d53ca791539afe886c
SHA1 hash: 2f515dd02347d341eaa69d36f22572c5ec655c5d
MD5 hash: 40fd9adf4535d37c84ac1f809b05d1ca
humanhash: two-edward-moon-kansas
File name:40fd9adf4535d37c84ac1f809b05d1ca.exe
Download: download sample
File size:490'542 bytes
First seen:2021-10-26 15:48:58 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 6144:VGxhLKPIuVvL78nUp+6dXQJWF+OD3vFCYaSPYhUez2Uj5nrz9IQLMz3JWp:UviLInUpzdOOD3vsYaUDKPr5GtWp
TLSH T11AA47A0436E94B02E5BA67F41631544097BB7DAE287EE24E1EDE34CA1F77F444A60B23
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
370
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/200323/
Detection(s):
Win.Trojan.Generic-9904340-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
obfuscated overlay packed
Link:
https://www.filescan.io/uploads/61782371db358dd15edcecb9/reports/6367098e-90fa-41da-8090-c7cada61a48a/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/be6278e6-aada-408d-a242-8b08e714ea19
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
evad
Score:
21 / 100
Link:
https://www.joesandbox.com/analysis/877166
Signature
.NET source code contains potential unpacker
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8dafff3eb70fce71d878729b833f9b540877db8074c04f4c3c16abc7e37b65d4/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-10-26 15:49:06 UTC
AV detection:
11 of 27 (40.74%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/211026-s9chsshhc6/
Unpacked files
SH256 hash:
8dafff3eb70fce71d878729b833f9b540877db8074c04f4c3c16abc7e37b65d4
MD5 hash:
40fd9adf4535d37c84ac1f809b05d1ca
SHA1 hash:
2f515dd02347d341eaa69d36f22572c5ec655c5d
Link:
https://www.unpac.me/results/053eea4d-2b62-4747-8041-f85e204968c4/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.14
Link:
https://yomi.yoroi.company/submissions/8dafff3eb70fce71d878729b833f9b540877db8074c04f4c3c16abc7e37b65d4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 8dafff3eb70fce71d878729b833f9b540877db8074c04f4c3c16abc7e37b65d4

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1712710/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/200323/

Comments