MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b4d90bf282a7b8b8f881f38d18afd1d541bbaef226cd7979fd01b3d62cb1ea8b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b4d90bf282a7b8b8f881f38d18afd1d541bbaef226cd7979fd01b3d62cb1ea8b
SHA3-384 hash: 1a35939d2c7986928c0e167451b788b5ec5030fe0c17059e8b0f0621d38f90fa92caeb6f6d66a9feadd0ac49d916f7b5
SHA1 hash: 18c53830e90cce1325d76d5f0fbe438d2a7aae89
MD5 hash: 0549d7c88505d48b65518054ed7db49e
humanhash: pluto-purple-fourteen-ink
File name:8312a5b23abfe7321092379993fc0d20
Download: download sample
File size:328'724 bytes
First seen:2020-11-17 12:03:17 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d444820d9facb23288061674446775bb (6 x AgentTesla, 4 x Formbook)
ssdeep 6144:JYO1U31+ZcY29SuE7vJR8FzQQa6BhiRd0YxrYkWtS:eOeE291E7eQzRdXYkWo
Threatray 4'267 similar samples on MalwareBazaar
TLSH 91641208F6D1C0F2E112007596595EA34ABB787B56B9A5C3B3DC0B0E5EB87D05D2ABC3
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
49
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a file
Running batch commands
Launching a process
Creating a window
Using the Windows Management Instrumentation requests
Setting a keyboard event handler
Creating a process from a recently created file
Creating a process with a hidden window
DNS request
Reading critical registry keys
Moving a recently created file
Replacing files
Deleting a recently created file
Sending a custom TCP request
Unauthorized injection to a recently created process
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Stealing user critical data
Enabling autorun by creating a file
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b4d90bf282a7b8b8f881f38d18afd1d541bbaef226cd7979fd01b3d62cb1ea8b/
Threat name:
Win32.Spyware.Stelega
Create hunting rule
Status:
Malicious
First seen:
2020-11-17 12:06:31 UTC
AV detection:
24 of 28 (85.71%)
Threat level:
  2/5
Verdict:
unknown
Similar samples:
07dbb0f511ef2ce6007a7b576be51073b953253a7e7182b361b06036e6a82f84
50eb8b54c87303301b6614c07195bef8121ab2f99685ced448b915f9e6f0fc15
58c9ea112ea67d4311a63c0cf87b4a97745c1e0f28e1a8a013047349d7d5bae4
74991102f58f5aa114cb11fe6e624c263a10129c77e917f185e9f19c73a0dad0
99a98bc6f2caf5e6fe3e6ada1af35586392ea48a28bc601522bed98454cc6af6
9be235495bd4696901a7e0538b3d96f6996268c67c1b607cdc8e33a794a6a9da
bf82d80c6784207b3b2b71c4c33d4e0a0866908ebdb14a571e6f36eb7b616c60
c0fb3989dccc0e8aa3c3b0e95a8b6cc3982c41c80930998efc1ac26613b0153e
d1e9ede488849faab5eb3e767704a4644cc79e6eaac8fe996d90fa164e68f620
e49bdc779eeaa52e085b217a5efe13fbdccce4d33c6b640ddfde03d607a30bde
+ 4'257 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201117-qwhz6r99bj/
Unpacked files
SH256 hash:
b4d90bf282a7b8b8f881f38d18afd1d541bbaef226cd7979fd01b3d62cb1ea8b
MD5 hash:
0549d7c88505d48b65518054ed7db49e
SHA1 hash:
18c53830e90cce1325d76d5f0fbe438d2a7aae89
Link:
https://www.unpac.me/results/cfb554d8-683e-43e7-9296-aed17a4c1c6c/
SH256 hash:
0b020d851ade4827dd37bf5169664c1f1c5700afe637db56730ecfa5419aa82c
MD5 hash:
207a25b3ad37099fbdf473eeaa47cfd1
SHA1 hash:
e8b60fa5d4e75db4ad26139b63a097aa97794e19
Link:
https://www.unpac.me/results/cfb554d8-683e-43e7-9296-aed17a4c1c6c/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments