MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 13f1fde2f8426f9ee2addd7ff3a710d9fb7042d875fdf3f0e8e080030da53b83. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 6
| SHA256 hash: | 13f1fde2f8426f9ee2addd7ff3a710d9fb7042d875fdf3f0e8e080030da53b83 |
|---|---|
| SHA3-384 hash: | 6aa30e7a15fbb73e1bc53b0a91b76f4b9753cb470f3e5d1b3a840f4185353cb8f828a011cf76147a1e517c13784ae4be |
| SHA1 hash: | 657ed3b1fae22ab07c22e5eb4c812133ab75c904 |
| MD5 hash: | dd0310744f6e07ca61628ecc17840b78 |
| humanhash: | queen-kentucky-nevada-nine |
| File name: | Q20LS0944.exe |
| Download: | download sample |
| File size: | 649'216 bytes |
| First seen: | 2020-10-19 06:27:16 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | f34d5f2d4577ed6d9ceec516c1f5a744 (48'648 x AgentTesla, 19'452 x Formbook, 12'201 x SnakeKeylogger) |
| ssdeep | 12288:986UGJtbhBfpX/VEtTithAYEtsOGBkP6jmiLGtFUA6fPJnBT+yugrI:986UGJtzfpvVEtTWhZCG6P6COisfPeyG |
| TLSH | 38D47C1423885F68E03EA7319860414097F2BC56DB39C55EFDDA2ADE1E32F82C767636 |
| Reporter |  abuse_ch |
| Tags: | exe |
abuse_ch
Malspam distributing unidentified malware:HELO: bashstat.ru
Sending IP: 81.30.192.250
From: Agatha You <pozar@sb.ht.hr>
Subject: RE: Re: Tender No. Q20LSB0944
Attachment: Q20LS0944.IMG (contains "Q20LS0944.exe")
Intelligence
File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Result
Verdict:
Malware
Maliciousness:
Behaviour
Creating a window
Launching a process
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
68 / 100
Signature
.NET source code contains potential unpacker
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AntiVM_3
Behaviour
Behavior Graph:
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Status:
Malicious
First seen:
2020-10-19 00:05:47 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
5/5
Detection(s):
Suspicious file
Verdict:
unknown
Result
Malware family:
n/a
Score:
1/10
Tags:
n/a
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
13f1fde2f8426f9ee2addd7ff3a710d9fb7042d875fdf3f0e8e080030da53b83
MD5 hash:
dd0310744f6e07ca61628ecc17840b78
SHA1 hash:
657ed3b1fae22ab07c22e5eb4c812133ab75c904
SH256 hash:
5fbecb168fca7d5ab4f229d94a1029b3d23de9c32c52b3266ae0729ff73a8e33
MD5 hash:
838d28f69d223f1efe7c61f32a83a0f7
SHA1 hash:
bc86dfd8d28a4af62fdbb9e6e53f6a97084a64d0
SH256 hash:
bac5797bde4b2810766a40d95bcdb825ac5b395fcbadd139daa19a44a6cdc049
MD5 hash:
a92cc1f6e0a2742350dfda6726db14c0
SHA1 hash:
e5404e3ed46498deb8ad8966a774540c2b8e9c1e
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
exe 13f1fde2f8426f9ee2addd7ff3a710d9fb7042d875fdf3f0e8e080030da53b83
(this sample)
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.