MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bff997af2c8f1c0aebe9caaf6076c4901c8c3910337510401daf10289c57a5da. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bff997af2c8f1c0aebe9caaf6076c4901c8c3910337510401daf10289c57a5da
SHA3-384 hash: 9749de61d0a19c780e3809d5d834e1152033198e1bf7ab7f0db6c939f3a479b075e026fc278e952f09ea6469ed98fab7
SHA1 hash: 58b7625b866225a5d6b59016beacc8cf9a8fb90f
MD5 hash: d3169020a70f5dda7e13b37d2549da79
humanhash: snake-charlie-pip-emma
File name:Statement of Account.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:420'352 bytes
First seen:2020-04-29 18:47:45 UTC
Last seen:2020-04-29 20:04:48 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:f6q4yY5YY6/rdqEZqKPkgi4TZkmx6rMQbD3V5sof/dIhCe3smLeuwkIBw6611wMz:V/cNSKyZkmA9fxwsmLeubI2xjwXlj8KK
Threatray 315 similar samples on MalwareBazaar
TLSH 2D9412FC4728573FC5BD4BBE6582CD45B366C249C246F3C49DAB2A8D088BBE419642D3
Reporter abuse_ch
Tags:AgentTesla exe


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: vatm.vn
Sending IP: 185.118.167.64
From: phuonganh.tc@vatm.vn
Subject: Payment advice-Euro Bank EFG
Attachment: Payment Advice.r00 (contains "Statement of Account.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.43062574.3269.28202.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-28 21:02:04 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=x74zplzmr4oav27jzkxwa5wesaoiyoiqgn2raqa5v4icrhcxuxna._file
Verdict:
unknown
Similar samples:
06e83a73a0d058de1811b6ee93f063b97fe79fbab77e2acf0a859cceff815c86
AgentTesla
1b1cfcb20bb2ea0a73543fcdf309e6110bac1663c05fe1e1b334fd4351144db8
AgentTesla
205c64751a28eba3128dc0d7a6f15934caef963bd2cfcd5898f0b7b22d72cf08
AgentTesla
42500f58701c82d20e2255ef2b3b22abe0f0f47e4dc53907c0ca8bafbe01ef25
AgentTesla
44f61a5b242d327e0409b25ae19b30ab35a8a8b5190e98e56d635b27611b55c3
AgentTesla
47e1f71185f193d015191dec0fd981e6591780a336115fe14638b74031531ac8
AgentTesla
782999121ca089a150f34c3527a7e1c1a5f9c59a73034e3bf6ca166c590a47f3
AgentTesla
9fb64fa386e55f14be839d5505943ff8b65451240bd916048ef835d62b1332a5
AgentTesla
d9f827863726fb21fd036363b2090e4454776b3ee1a4665d004da0eaa05126e4
AgentTesla
fcc68c78e81eab01751ffe299b6213e6dbe994a6d197367000371e82a4ac0a41
AgentTesla
+ 305 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r00 7bb1fe4f87c756b51bfb7d49630ac0fdf4fe5fcd372381aaf509f7f525d0a5b1

AgentTesla

Executable exe bff997af2c8f1c0aebe9caaf6076c4901c8c3910337510401daf10289c57a5da

(this sample)

  
Dropped by
MD5 d5a14dc95ee1cfbd239ec72f417192a2
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 7bb1fe4f87c756b51bfb7d49630ac0fdf4fe5fcd372381aaf509f7f525d0a5b1

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments