MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bd5f4c6e49cf4f431897aa1240080af7996d5a88c51f0239dc0d4b80783b6a58. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 7

Intelligence 7 IOCs YARA 1 File information Comments

SHA256 hash:	bd5f4c6e49cf4f431897aa1240080af7996d5a88c51f0239dc0d4b80783b6a58
SHA3-384 hash:	91ffc705a770031e313870f487e77b262dbcad1c0b74270be9d0d26a00ab095855967aa5605fab655822a2ae31a1edca
SHA1 hash:	41c1c2ccd91d8f9edfbaa3d348fb85ac8d9a8611
MD5 hash:	99940e0a8b7761cf3eddff40b41ea781
humanhash:	florida-mango-sink-johnny
File name:	TNT AWB #8013580.uue
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	649'656 bytes
First seen:	2025-05-02 07:41:56 UTC
Last seen:	Never
File type:	uue
MIME type:	application/x-rar
ssdeep	12288:nVHGVCLbM6vFj5e7E0k4zSUe6OB5OCmePDHHXve7FBysdFj4qjnQHw+5P/UYSuj3:NGVe46tj50zOUGBE8DC/dFj4fw+Zf3
TLSH	T1C8D42380C6EDC974173AB7265F27436F3159AE740C079E9B623EA5AAC347E34C4E814E
TrID	61.5% (.RAR) RAR compressed archive (v5.0) (8000/1) 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika	rar
Reporter	cocaman
Tags:	AgentTesla TNT uue

cocaman

Malicious email (T1566.001)
From: "T&T Express <First.Last@tnt.com>" (likely spoofed)
Received: "from cb1.child-benefit.org (cb1.child-benefit.org [67.21.33.19]) "
Date: "1 May 2025 08:58:23 +0200"
Subject: "RE: TNT Express //Arrival Notice // AWB #8013580 4/30/2025"
Attachment: "TNT AWB #8013580.uue"

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Verdict:

Malicious

Score:

93.3%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6811b254c8b2e86d0ac4f809

Tags:

agenttesla lien

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

formbook obfuscated packed packed packer_detected vbnet

Link:

https://www.filescan.io/uploads/68147751d95f3e34e95ec343/reports/8bad8ba5-071a-41b7-ba61-87081788e2cf/overview

Verdict:

Malicious

Labled as:

Trojan.Generic

Link:

https://www.hybrid-analysis.com/sample/bd5f4c6e49cf4f431897aa1240080af7996d5a88c51f0239dc0d4b80783b6a58

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/bd5f4c6e49cf4f431897aa1240080af7996d5a88c51f0239dc0d4b80783b6a58/

Threat name:

ByteCode-MSIL.Trojan.Taskun

Status:

Malicious

First seen:

2025-04-30 03:33:02 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

18 of 24 (75.00%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=xvpuy3sjz5huggexvijeacak66mw2wuiyupqeoo4bvfya6b3njma._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/bd5f4c6e49cf4f431897aa1240080af7996d5a88c51f0239dc0d4b80783b6a58

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Sus_Obf_Enc_Spoof_Hide_PE Create hunting rule
Author:	XiAnzheng
Description:	Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)