MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a05343f785c283336d5b9eea06c3827209ecd87b6f6bdc9f32f9675a2b4c3e8b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a05343f785c283336d5b9eea06c3827209ecd87b6f6bdc9f32f9675a2b4c3e8b
SHA3-384 hash: 846bd44c3bb973113f08fefa791eba6af20c4d0bcffedaaa713214d0c9134fd49bb75a8114a0fa6a33b4800d4b1c5312
SHA1 hash: ca363f26387a5883edd4bf44da86b4d90855da17
MD5 hash: 7f949e85d5e5068bdeefc3a9a75c5628
humanhash: pizza-lemon-alabama-ceiling
File name:INVOICE.exe
Download: download sample
File size:486'912 bytes
First seen:2020-08-18 10:53:47 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:mDKDHYiOciwhXntJolHFI94JEIgIJHIdGYliujJyuqt:m28iOc32lHFI94JEIgIJHIdNyuqt
Threatray 28 similar samples on MalwareBazaar
TLSH 1FA46C676349AB1FC2BE92F7F0B54806ABB0C611A1CFE3AA19CCA8705DD37650DC7164
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: seventeen.qservers.net
Sending IP: 72.52.251.1
From: Michela Rubini <info.trade@bhwo.org>
Subject: INVOICE
Attachment: INVOICE.rar (contains "INVOICE.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/47688/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a05343f785c283336d5b9eea06c3827209ecd87b6f6bdc9f32f9675a2b4c3e8b/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-08-18 10:55:06 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ubjuh54fykbtg3k3t3vanq4coie6zwd3n5v5zhzs7ftvuk2mh2fq._file
Verdict:
unknown
Similar samples:
1e3003997089d725802aea73f61a35f7a568c05b16251e2d93ea8a3f8973b1d3
3640e0bfb26ad5e7cf64e2b1b927031f49b84c1dab0e4460b18de6e57904ff7e
416f9746f079b7af4180264d06ce55b88b1547d9a9da8db352e06a13aa5cf4a1
92f26df2b8881b2971127cc9bd67d17924b895e4124092d49fdc6ebe4d362620
a7ef4ee04196bec21da515066ffd2c59a040e0004f0c69fb046347f574998db4
aee0659a73d3ce6eaaeafcfe545290f95e8e52c3f640fca9fcdb984a17ee27c0
b860c68b8a4ca548c005de132b6b2870a43baab32df04c32588d70da1ae47b6e
b8d1d962744d0c6ab3abe293c4671b3ba6524f623f9d6f02361bc60eec7b4cb4
e2d8bfec4161287caf4f118ec66daaceb71c6fdda1b4aa16f8810f8a66f59013
f18bf944f9365beda201e63d97f1b93139994d9cef424f855d691cf797c33d0f
+ 18 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/200818-62gpnfhe4x/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar 5f2d35ba9e3481eccfaf77bd6568882f7859ccbb546727ee8f00946ca2f91288

Executable exe a05343f785c283336d5b9eea06c3827209ecd87b6f6bdc9f32f9675a2b4c3e8b

(this sample)

  
Dropped by
MD5 dd8d1a9538e0f97bea7b148e0fbbbc74
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/47688/
  
Dropped by
SHA256 5f2d35ba9e3481eccfaf77bd6568882f7859ccbb546727ee8f00946ca2f91288

Comments