MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf5ffbd0909424adb18dcdf238e0829784b9f3372f28d828fde0e158d8360584. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	bf5ffbd0909424adb18dcdf238e0829784b9f3372f28d828fde0e158d8360584
SHA3-384 hash:	ab9ea930b655c00f644a000d0f01b4f4911269c3341281392ce98717c0e297d110ced837b96c8512318bc0cde9644209
SHA1 hash:	9187c06d9c1cf6ab0838b46dc7ce054479d7cba4
MD5 hash:	1cf673dc94d0f182895476cc9617fc70
humanhash:	fish-solar-autumn-snake
File name:	Payment ACK Swift 04-07-2020.bat
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	159'744 bytes
First seen:	2020-04-08 04:31:24 UTC
Last seen:	2020-04-08 05:49:32 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	06786c002718df7cb35ad4d2cb0372fe (1 x AgentTesla)
ssdeep	1536:stA+Bc9wcTfSl8LaV5i/MOsv0meR3oSEsNES6S2yAgs9I/V:qA+m9w6fHL25ikOsv0m9SEsyS6SVd
Threatray	913 similar samples on MalwareBazaar
TLSH	67F34168BFA0BEE4F51608B5B9387E7C14E43C31190D950FFAC277666879628F930A53
Reporter	jarumlus
Tags:	AgentTesla

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Packed.Generic-7663293-0

Gathering data

Threat name:

Win32.Trojan.Fareit

Status:

Malicious

First seen:

2020-04-07 22:02:15 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

25 of 31 (80.65%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=x5p7xueqsqsk3mmnzxzdryecs6clt4zxf4unqkh54dqvrwbwawca._file

Verdict:

malicious

Label(s):

guloader

AgentTesla

2ed2a56967e7cb3e18b8b2cb910b9e6d356a52a9b65a05309c36ec62fa09773c

AgentTesla

3667b7518f2634bfd589f12fe1fd6e7ec1701030529dd3ece0b04705e76e5e06

AgentTesla

37a3468d527e22a4cdd0c1e8717a5bca60db2cd8aaace1a4d25b65eeccd8079c

AgentTesla

40c27e805186cc26240cbf37d1d2809412c42e2a3610fdff32cf5b8ce35459e2

AgentTesla

9cbe5097d40713390439b736ac90f7ac008db11188a9b8d0ad40fec39d5cff12

AgentTesla

a570592bf5a21c1f55712fcec60a0536fedabe28b409d9a48fdc499185e154ff

AgentTesla

bbb38a432f7eff2a12b72c3ed853e937fbf5d7b9bd23b9f8ab61beb6bd594c10

AgentTesla

c688c6b0f5bd44c8d37e810000892ce8d0e2225f1dd04a92d454fd60c7cdc779

AgentTesla

da52dddf3fb5de8859dd962bc96eeb267fc4e723682c3defec35672be1441e5e

AgentTesla

+ 903 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::__vbaObjSetAddref MSVBVM60.DLL::EVENT_SINK_AddRef MSVBVM60.DLL::__vbaLateMemCallLd

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample