MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9f737f31a7bd5f0ddc2624bd7cd2a16eaf1fb19a6a3ece77100e23a1a44fd209. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: 9f737f31a7bd5f0ddc2624bd7cd2a16eaf1fb19a6a3ece77100e23a1a44fd209
SHA3-384 hash: 83713baf0e1df5595139aa8f9c60df931697d3a86dfce77ac25a0c2d17e3d1b619a0230d67296c14f0f31b53a911dbba
SHA1 hash: 5176e981c56048c639d62a9cfbaaa79c30a8f7e4
MD5 hash: 0003e5fc18de5c73d4385ae854d8dcaf
humanhash: vegan-alanine-lamp-paris
File name: SWIFT MESAJI.zip
Signature: AgentTesla
File size: 633'165 bytes
First seen: 2020-07-30 09:51:38 UTC
Last seen: 2020-07-30 12:41:33 UTC
File type: zip
MIME type: application/zip
ssdeep 12288:UN/KLjgGDJsHitHyoZbPtEeR0BF53oaDVH1ZscZZU9y/it71:UNCLjgGDJfy6tlGFb1Dsc3ratB
TLSH 00D423E55AC742B63CA3FE236005DFC19C88D83A58918DCECE725597A944ACE1BEC4F4
Reporter: jarumlus
Tags: AgentTesla

Intelligence


File Origin
# of uploads: 4
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-30 09:53:04 UTC
AV detection: 21 of 29 (72.41%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 9f737f31a7bd5f0ddc2624bd7cd2a16eaf1fb19a6a3ece77100e23a1a44fd209

(this sample)

  
Dropped by: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments