MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf7094199eb4a7e05b0044219a88f7434532254174e6b6f087299f8deedbfb7a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bf7094199eb4a7e05b0044219a88f7434532254174e6b6f087299f8deedbfb7a
SHA3-384 hash: 02f29fa63c8d48879d082d3884400112066e387efe8a8502cb8629d67ba961b0d6369b1fd9c69c6477d48f82b71531a3
SHA1 hash: 9bf03d6f89f6aa9c837a3ab41accb9c7a2d523d5
MD5 hash: 2f8f63f836491d3734a2dce297e3cbb6
humanhash: dakota-neptune-sink-arizona
File name:amila4.0.exe
Download: download sample
File size:51'920 bytes
First seen:2020-10-13 12:26:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'650 x AgentTesla, 19'462 x Formbook, 12'203 x SnakeKeylogger)
ssdeep 384:iRw12ts+hrX7ObDXKgfCe6BYhGsnFD26dmOpZOp66r5cxZDgf2hO:VkeM+D2spebaxZUf2hO
Threatray 4 similar samples on MalwareBazaar
TLSH 89339A0A50A9DEBEFAB131FE14D3D28081F47C9B955CC67B6AFE8CCD50B1A54020B679
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: 159556.MONOVM.COM
Sending IP: 193.239.84.249
From: Sales06 <aramaki@morisita-fastener.co.jp>
Reply-To: uttarabenz@gmail.com
Subject: Fw: Payment-Order_HT_20191129
Attachment: purchase first Order PO_197612.lzh (contains "amila4.0.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/70433/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching a process
Creating a process with a hidden window
Sending a UDP request
DNS request
Sending a custom TCP request
Creating a file
Result
Threat name:
Unknown
Detection:
clean
Classification:
n/a
Score:
4 / 100
Link:
https://www.joesandbox.com/analysis/489640
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bf7094199eb4a7e05b0044219a88f7434532254174e6b6f087299f8deedbfb7a/
Threat name:
ByteCode-MSIL.Infostealer.Tepfer
Create hunting rule
Status:
Malicious
First seen:
2020-10-13 05:46:28 UTC
AV detection:
18 of 29 (62.07%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=x5yjigm6wst6awyaiqqzvchxinctejkbottln4ehfgpy33w37n5a._file
Verdict:
unknown
Similar samples:
4e8319b60657f5cf0267967a37408e78f37569dea6fe24db2ddb49bb58cb9a04
88e157995a6f79f670bad1611fdba6514152bb1f2682e0dbc28c3e9291b8c221
f3a47b8fdddf8c8f83ce7a337d32400002137f36d52d60ec5553339369e8bb28
fc00ea7ef331265218e64f035bd729c59131d237326e0fc76d0e7572c0220276
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201013-vl2b2vfcaa/
Behaviour
Delays execution with timeout.exe
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
bf7094199eb4a7e05b0044219a88f7434532254174e6b6f087299f8deedbfb7a
MD5 hash:
2f8f63f836491d3734a2dce297e3cbb6
SHA1 hash:
9bf03d6f89f6aa9c837a3ab41accb9c7a2d523d5
Link:
https://www.unpac.me/results/55c929e9-9920-4a4a-afc5-230c65861cbf/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/bf7094199eb4a7e05b0044219a88f7434532254174e6b6f087299f8deedbfb7a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip bf1e9d1bb0b5d53567805b0e5f5a9e49b4c07799fd63d1617192f98a68d9a513

Executable exe bf7094199eb4a7e05b0044219a88f7434532254174e6b6f087299f8deedbfb7a

(this sample)

  
Dropped by
MD5 b2d453597ac8589e040710df972d14ec
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/70433/
  
Dropped by
SHA256 bf1e9d1bb0b5d53567805b0e5f5a9e49b4c07799fd63d1617192f98a68d9a513

Comments