MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 949166859d018a523b3466d403c504a868e9ebfa5526c4b4443e3ccca972be75. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	949166859d018a523b3466d403c504a868e9ebfa5526c4b4443e3ccca972be75
SHA3-384 hash:	fa9bd786b76d3a3fa5d4144740e7ebedd45e500b2ee34336ecbd201b0d9d3cef5554ccac2bb7539844d519efec108acb
SHA1 hash:	fc7c28eff5235060a988223eda39ea16f7f2d39f
MD5 hash:	1f6b2de5be0e2c7965688756c9f0f407
humanhash:	ohio-sweet-moon-nevada
File name:	Swift.exe
Download:	download sample
File size:	447'488 bytes
First seen:	2020-03-20 17:41:12 UTC
Last seen:	2020-03-20 19:55:08 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep	6144:/LB8MVnON3nDbv4dszdEitTdhbSGjPAtMAyqMBYZ2/fmafw1:jBLVQ3nDbv4dszdjt/xjImAEBcIw1
Threatray	23 similar samples on MalwareBazaar
TLSH	5194BF03B705D791D83DB27655D6DA3437A6F2C74381C30A6B4E471A9893ACB3E1FA88
Reporter	c_APT_ure

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.Inject3.36036.11677.11625.UNOFFICIAL

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Kryptik

Status:

Malicious

First seen:

2020-03-03 13:34:49 UTC

AV detection:

24 of 31 (77.42%)

Threat level:

2/5

Verdict:

unknown

288130ee9ccfffd3966a3ce4c7baf1a16ddf25a7a03d8e7d9cb549f3041ebfe7

4c4dc83e26db2c5aa6d945fcc8bc43ebd73ba9c1b4962e17c76b832d1b0eaf39

5440e3ba334553d5264329b32eaab06d2bd91e4dc69b83968723d2abcc1bb3de

896152b5c1395d1a5cc2b9e57583cbba5d8ce128419d86dcdc7bd23f54bb19d4

b05eb1ace6dd219a6e5ea23d25ea88bbd672ad379ac4dcaa935acbfdece37c0b

d51840953f6ba82b4285527d838e0034d9ffa1dc1de94b73ed56e5e0b33e5eb5

d99bf6fbde49105ddb9326b1a8020e5b22f64afa1a81793e34dcac17b3fbac44

d9f80479fda248077ba59be9cc0be526e64aeb6f3504b63979b7f4f16b191d57

ed6b60c3660d11160722799525a5a16699f8b0332445e27165abaf92e1f1eb80

+ 13 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/949166859d018a523b3466d403c504a868e9ebfa5526c4b4443e3ccca972be75

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample