MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1bda17cb11b0a6d1d06812bffa20372ab5a5b6e200796f87151bff3365d728f4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	1bda17cb11b0a6d1d06812bffa20372ab5a5b6e200796f87151bff3365d728f4
SHA3-384 hash:	832716a4aac367deeecac3231853a5b6374b756022ec8a63b5b90e9ed2bc0e226d88f19f6bedd861665e4b89ed14629a
SHA1 hash:	6bf32e8fcbfddc27df2549ddb78140151bfa678d
MD5 hash:	e688f8d75a51c4e3198d074e64e181cc
humanhash:	snake-spring-stream-paris
File name:	Covid-19 Interception Plans.bat
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	617'472 bytes
First seen:	2020-04-09 18:16:24 UTC
Last seen:	2020-04-09 18:45:57 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	12288:o2giqlYVUS6mwmLOxoLZc63I4FSVyimXu5e6uYt:oIJdKSt44IVzHhuK
Threatray	148 similar samples on MalwareBazaar
TLSH	FAD4197DAA546B27F76D82F849430009F5B441EB2632ADDB86C772CC3449B0176EE36E
Reporter	abuse_ch
Tags:	AgentTesla exe

abuse_ch

COVID-10 themed malspam distributing AgentTesla:

HELO: cetinturkbilgisayar.com
Sending IP: 213.142.138.118
From: Rafia Iqbal <rafia.iqbal@bankfab.com>
Subject: Covid-19 Interception Plans
Attachment: Covid-19 Interception Plans.7z (contains "Covid-19 Interception Plans.bat")

AgentTesla SMTP exfil server:
mail.cotodelvalle.com:587 (195.248.230.192)

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.Siggen9.35715.9450.12030.UNOFFICIAL

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Nanocore

Status:

Malicious

First seen:

2020-04-09 08:41:11 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

26 of 31 (83.87%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=dpnbpsyrwctndudick77uibxfk22lnxcab4w7byvdp7tgzoxfd2a._file

Verdict:

unknown

AgentTesla

4160539b2a33925fa7937131a22d9b814e0be15026be9c416b323e704e49be12

AgentTesla

46f3d046ecc8a8f4ea7104fe19c6aa1b04998accc564fa4660fceb6c6c51aa8c

AgentTesla

b8fa17693cfb727de11589fd50bfe87ca6b79f361e90301fe81ef9dd08e11e01

AgentTesla

be5f71b132d23c252a0f5ca19b65a72f411f9bcb7404bb4e9bb51f356c224cce

AgentTesla

c0c7aab63783d9634a1cf945a3cc3fdd2d2a780222285b61ff9e39701d598c3f

AgentTesla

d010ef808ebac7a1819291e17fd30ed5e80372702425195c1299b45ee645bebd

AgentTesla

d2d81b10778e3b7c19fcc2a0f4fe51730408ac9ea0b78b3fd5b884a59dad793c

AgentTesla

ed235d058942eeabdbd09e342b36e1747d83fe281608b1785ca075a51607e020

AgentTesla

f99691f533ca56e970f2be2d26ea424ac50bff2aa2bfd43482d0a166bece71eb

AgentTesla

+ 138 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z 1a5507078f5ea28189135c246e0b7b67aa32c4f2197e807e958af1608d7082bf

AgentTesla

exe 1bda17cb11b0a6d1d06812bffa20372ab5a5b6e200796f87151bff3365d728f4

(this sample)

Dropped by

MD5 e902468f696169d5bb227961cbca2781

Dropped by

SHA256 1a5507078f5ea28189135c246e0b7b67aa32c4f2197e807e958af1608d7082bf

Delivery method

Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample