MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 314f0f442df7637e5a3fe94fadbc03b82d1165e58fa41c5d6881f857f61e3575. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 314f0f442df7637e5a3fe94fadbc03b82d1165e58fa41c5d6881f857f61e3575
SHA3-384 hash: 3cbeb4e2d565b78cdd2029f1a8ecc5d22bb52221d7f922cf64ceb6a017e135226a5c2bf8560c8c7cf3677d48ceeef633
SHA1 hash: f7ad263f6e6fe9a54548dee20d2590866223075e
MD5 hash: fd28c5f792e73e36cdf6da68fad7a394
humanhash: west-jersey-summer-video
File name:UYHBH.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'306'624 bytes
First seen:2020-10-06 05:44:54 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash afcdf79be1557326c854b6e20cb900a7 (1'102 x FormBook, 936 x AgentTesla, 399 x RemcosRAT)
ssdeep 24576:OAHnh+eWsN3skA4RV1Hom2KXMmHaHkZUQmUJqECnqiIyIGS1D5:5h+ZkldoPK8YaH+nJxFyIP/
Threatray 770 similar samples on MalwareBazaar
TLSH 7F55BE0273D1C036FFABA2739B6AF60556BD79254123852F13981DB9BD701B2223E763
Reporter abuse_ch
Tags:AgentTesla Akbank exe geo TUR


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: alnassar.com.sa
Sending IP: 162.244.93.110
From: AKBANK T.A.Ş. <hizmet@bilgi.akbank.com>
Reply-To: hizmet@bilgi.akbank.com
Subject: Akbank Vergi Tahsil Alındısı (Ref:2164430253) 06.10.2020
Attachment: Akbank Vergi Tahsil Alındısı.img (contains "UYHBH.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
105
Origin country :
n/a
Vendor Threat Intelligence
Detection:
AgentTeslaV3
Create hunting rule
Link:
https://www.capesandbox.com/analysis/68404/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file
Sending a UDP request
Launching a process
Using the Windows Management Instrumentation requests
Forced shutdown of a system process
Enabling autorun by creating a file
Unauthorized injection to a system process
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/482289
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
AutoIt script contains suspicious strings
Binary is likely a compiled AutoIt script file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/314f0f442df7637e5a3fe94fadbc03b82d1165e58fa41c5d6881f857f61e3575/
Threat name:
Win32.Trojan.Predator
Create hunting rule
Status:
Malicious
First seen:
2020-10-06 01:04:16 UTC
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gfhq6rbn65rx4wr75fh23padxawrczpfr6sbyxliqh4fp5q6gv2q._file
Verdict:
unknown
Similar samples:
12e5bd0d0f2a4e37702b096487a48992d98c846e79e9e0ef5c900e15e6e563f2
AgentTesla
48b1f899e7ad8d880a6bf9d97ada6507c4403c8d8e81815f83fb8181ca247008
AgentTesla
4951a0fc882c8d7590f4edac6f7b7e0408510d2db4353c3f5ff20c25ac60a92e
AgentTesla
628fb13f63d68b25083522f21c084fc565fd8fe57e05b95b35b76ac01fdbf5ff
AgentTesla
6d1cfff093998c807b9c5dc3fd122adbea40c5bad0cad4cbe10b43932c28bdd9
AgentTesla
89f1ed8a332907a1e20a452f773576cc53bc7bfcb2aeb20eb4501d57a5574d2e
AgentTesla
b052d189fbba69117efc6e10e1cada3faee844cb59b5f0d1482734976c72bd58
AgentTesla
cda432c107c3fa22908941cec37a18edb507ceb2c83d70caf87031d2b5817afa
AgentTesla
da362c114efb6a8f52b94b4554a7dcf6594eb2408f16d22cbd3cdbc520eb86eb
AgentTesla
e897888dd36ab2a5740030d628f510ef0563d9d039e896b45134a4a5c4a82bb7
AgentTesla
+ 760 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
spyware keylogger trojan stealer family:agenttesla
Link:
https://tria.ge/reports/201006-8vcg2qr2be/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Drops startup file
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla
Unpacked files
SH256 hash:
314f0f442df7637e5a3fe94fadbc03b82d1165e58fa41c5d6881f857f61e3575
MD5 hash:
fd28c5f792e73e36cdf6da68fad7a394
SHA1 hash:
f7ad263f6e6fe9a54548dee20d2590866223075e
Link:
https://www.unpac.me/results/d62e4f27-71e9-4f25-91e0-fe84d28c7cb5/
SH256 hash:
b534ca2d7970fa3fdd582fb3a6664c015a423a67f40efca8829647ed330795f8
MD5 hash:
c89426e9d0a49b3c6a9fe1703b4cf585
SHA1 hash:
e55846c77f5b8a9e2564a90515ecd4126bc2fe00
Link:
https://www.unpac.me/results/d62e4f27-71e9-4f25-91e0-fe84d28c7cb5/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Eldorado
Score:
0.90
Link:
https://yomi.yoroi.company/submissions/314f0f442df7637e5a3fe94fadbc03b82d1165e58fa41c5d6881f857f61e3575

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img bb1899fd7cf797fbf9c96e11e07c07407c2232022a244ea815a69b9cbc9eb954

AgentTesla

Executable exe 314f0f442df7637e5a3fe94fadbc03b82d1165e58fa41c5d6881f857f61e3575

(this sample)

  
Dropped by
MD5 f5d4744924bd1847be6ad8ceb9586de1
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 bb1899fd7cf797fbf9c96e11e07c07407c2232022a244ea815a69b9cbc9eb954
Cape
Cape
https://www.capesandbox.com/analysis/68404/

Comments