MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a545a0435cbff715cd878cad1196ea00c48bd20f3cf1cc2d61670ef29573cc7c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a545a0435cbff715cd878cad1196ea00c48bd20f3cf1cc2d61670ef29573cc7c
SHA3-384 hash: acc4b825576b242f1daf66f54fe19e80cf5e570a36e86002cb811cb9e7d6ade250e5f3d03ba5c568768b797a5e76f2e3
SHA1 hash: 42c444b4e8f84e04312f8bc4ac07777f5fadc999
MD5 hash: 0b31febd940317f235f77eea4b7d2f9d
humanhash: alanine-apart-sad-paris
File name:PRODUCT LISTS.exe
Download: download sample
File size:462'848 bytes
First seen:2020-04-02 06:35:08 UTC
Last seen:2020-04-02 07:48:28 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:NtW0mg2yy3huII/TGo6jEzoEmONJRliaaOv7TJhdh5CUXG+VtiLjIGB2n4:gUTMjCobOPRltaOJhdh5w+VwjzB
Threatray 18 similar samples on MalwareBazaar
TLSH C4A4BF3531EA1256DB76EFB30BD4B87E875AB233130BE538748116C68626B428DC2777
Reporter abuse_ch
Tags:COVID-19 exe


Avatar
abuse_ch
COVID-19 themed malspam:

HELO: linux1117.grserver.gr
Sending IP: 95.216.16.146
From: U.S. Department of Health & Human Services <Hubert@ushealthdep.com.us>
Subject: URGENT NEED: U.S. Department of Health & Human Services/COVID-19 Face\ Mask/ Forehead thermometers..
Attachment: PRODUCT LISTS.zip (contains "PRODUCT LISTS.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen2.46181.12316.1110.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-04-02 02:46:17 UTC
File Type:
PE (.Net Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=uvc2aq24x73rltmhrswrdfxkadcixuqphty4yllbm4hpffltzr6a._file
Verdict:
unknown
Similar samples:
059bbd8d7c9d487678e796bce73e5a2c349d08a6dccc65b437f614c55f4940b5
1fc2513878352ba7ec5f8a9fdb6bcd4653b6a14443ec65fd1a59a8fa1c8aa8a6
7602ef063bf7203b635274afea6643df3d8a9fca33b1c82a8d763e7907fe772d
79a6cd0ad542c43bd3b6c3baebe42c7682ad82294ad70a89624c13a9082f1f2b
873420c55723208004de9c7fc00662e82bf297454b6bb04820b5636552ca6e00
8e26ebee195d4120b62cece46d79a74989b899f3c7bda83a14c5f273cd3f098b
cb87b162931d90a491b6f8a62c7e4f948f4940f7e7eb6547816a4965ae8a0ec5
d2cc729be39a3136dde1a0e312f2cf6bffbcf4159f3b724b980e5ac2419a398c
dff74296cf8052e89fc7c49f911e998795262c6f266bf19cda399a0183ea5159
edced06a3011186bdf81b8e16739f41cb226ce9fdd57e9d8d006da27874aea65
+ 8 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 5f9dae2216fbae34044513016ad05e48ce3a150f02c3c159ad1f738fcc783d49

Executable exe a545a0435cbff715cd878cad1196ea00c48bd20f3cf1cc2d61670ef29573cc7c

(this sample)

  
Dropped by
MD5 1ac0d2dcb0ff767b99b366f4ca4f577b
  
Dropped by
SHA256 5f9dae2216fbae34044513016ad05e48ce3a150f02c3c159ad1f738fcc783d49
  
Delivery method
Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments