MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c67f22cf8e5e250796b94b18207a8532891f5168452ff42f40a5a9d5040a0d9c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c67f22cf8e5e250796b94b18207a8532891f5168452ff42f40a5a9d5040a0d9c
SHA3-384 hash: 522b84871a011045aa0c1ba02b8e429c5dd6b934eee0e11207fa2eae207586b4c5b0c47cc77f50174f03b9aee7db435d
SHA1 hash: 9569c86e53764a39b1f6f040ee558137b303cba5
MD5 hash: d37ba908b837923eccced356b7aec745
humanhash: oranges-monkey-california-apart
File name:Swift.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:387'641 bytes
First seen:2020-11-02 08:54:02 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:9Bz6m+uy93Hmj/Muxce/yMM4XZuhH9IJ7EF4h8df1XQRffeAgPtFzuWBSo:r/o3Gj/Muxce/LUhdIJ7sI8PQR7g/np
TLSH 82842389B93999E7338565B52F287C7CDA134081CB3555CD219924EE1DA0FE80BE2EB3
Reporter GovCERT_CH
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c67f22cf8e5e250796b94b18207a8532891f5168452ff42f40a5a9d5040a0d9c/
Threat name:
ByteCode-MSIL.Infostealer.Stelega
Create hunting rule
Status:
Malicious
First seen:
2020-11-01 23:12:31 UTC
AV detection:
6 of 48 (12.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=yz7sft4olysqpfvzjmmca6ufgker6uliiux7il2auwu5kbakbwoa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/c67f22cf8e5e250796b94b18207a8532891f5168452ff42f40a5a9d5040a0d9c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar c67f22cf8e5e250796b94b18207a8532891f5168452ff42f40a5a9d5040a0d9c

(this sample)

AgentTesla

Executable exe 07c8f55802bd65df06052859c3dea858780b2259cbbfc6ec4b344cbd37f2d956

  
Dropped by
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 07c8f55802bd65df06052859c3dea858780b2259cbbfc6ec4b344cbd37f2d956
  
Dropping
MD5 e776d600bae813ed38f223528191f61f

Comments