MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bfa8ca8a64dfbdd1b607b72848edc7ed107c90eb72b15c93d520392c201364fd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bfa8ca8a64dfbdd1b607b72848edc7ed107c90eb72b15c93d520392c201364fd
SHA3-384 hash: 3afa14e23a0fc31bd3c52c288879d3303f8cb20b438078c60d90d37293f349c30bda04597d5738ddfbf2066cecfa06ca
SHA1 hash: 4b4f4c8ce3f7f2303e48fa533086da12746b3557
MD5 hash: 0c42b0efe916ba20aeef66500c0c8521
humanhash: magnesium-october-bulldog-florida
File name:DOC BIDDING _RFQ FOR SHELL_TIMI DEVELOPMENT PROJECT SVI_03 INTERLOCK PACKAGE.exe
Download: download sample
File size:660'992 bytes
First seen:2020-10-14 15:12:18 UTC
Last seen:2020-10-14 15:57:43 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:AT5p0P/E2iE+pcGgfzUfGxBhllqIzpRzjlXKqnoF/cH6qXL+:C0PYilrq4p4IzvjlaKhH6qC
Threatray 178 similar samples on MalwareBazaar
TLSH 34E4CE0122849A12DC6F7B7F351EDE1027E1BD1F9B32D50DAF993F993EA3A8045A1712
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: server.atlasofset-tr.com
Sending IP: 188.225.18.183
From: Nurul Hidayah Imam <hidayah.imam@sapuraenergy.com>
Reply-To: Tay Tze Yen <ty_tay@sapuraenergy.com>
Subject: BIDDING - RFQ FOR SHELL - TIMI DEVELOPMENT PROJECT - VALVE INTERLOCK PACKAGE
Attachment: DOC BIDDING _RFQ FOR SHELL_TIMI DEVELOPMENT PROJECT SVI_03 INTERLOCK PACKAGE.IMG (contains "DOC BIDDING _RFQ FOR SHELL_TIMI DEVELOPMENT PROJECT SVI_03 INTERLOCK PACKAGE.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/70861/
Detection(s):
SecuriteInfo.com.Trojan.Packed2.42629.31722.21703.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Launching the default Windows debugger (dwwin.exe)
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/491229
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bfa8ca8a64dfbdd1b607b72848edc7ed107c90eb72b15c93d520392c201364fd/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-10-14 00:58:54 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=x6umvcte3665dnqhw4uer3oh5uihzehlokyvze6vea4syiatmt6q._file
Verdict:
suspicious
Similar samples:
386d18d45cb2b33504413196d292b00ef26db3758f5b5cbbb58ad240be7d7af6
7ce968d0fc6d6ef86fa1c73e383a21b7cdd401eeaa9daefad0d2b20de042a8e5
a2e772a2b72091fc5996f64198684e85e9d521f620d435c90e36d3327ad44592
abbc118eb1bf05f65a684916411d404bfb76e44bd498c9be15ba798561e9effd
afd34bbcb2f23723f06c6cfcca2d802b15b78cbb6d74b4cdefd49b8b230c1f4f
d0d0d5a151b9b3b42d889373ec62cc4c3f7339cf93cad5ca4d107707298d8005
d7c81b22b82c19f2c3b05ba1b222e317975cc16f4900db415c8e723c7f2eff06
e513fe3d22372fe4e0da834dbecd9fda11473a5861b195d9330b2b23c82650e8
ec66bb08e7be3e235c199b1f253e949fc4296b105b7046cca10ae732cf347873
fe15f4f81105e03404643fa842168b56482ea6e6772c95f0ffb56c0b0f69678f
+ 168 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201014-qge9qcxens/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
bfa8ca8a64dfbdd1b607b72848edc7ed107c90eb72b15c93d520392c201364fd
MD5 hash:
0c42b0efe916ba20aeef66500c0c8521
SHA1 hash:
4b4f4c8ce3f7f2303e48fa533086da12746b3557
Link:
https://www.unpac.me/results/b4bc2f05-180f-4bba-9de6-893124a856f9/
SH256 hash:
01dd844990e0c5fdcea0f88712253aa1ef4750316f0734ab7099306170b5ea2a
MD5 hash:
eb593633270aa19162cf64663df9dd6c
SHA1 hash:
2ec57181471ff10abe9a04239ca3ea86ea4252b9
Link:
https://www.unpac.me/results/b4bc2f05-180f-4bba-9de6-893124a856f9/
SH256 hash:
fb96aaebf92a6ac04e9890c045ac6db7fbb8e036e8e7081f6a47c905f60ad537
MD5 hash:
af745b72962f62f6ec99ef37fdcd72d6
SHA1 hash:
597fd4798176d79860b426ff99c9b7ac7cc50653
Link:
https://www.unpac.me/results/b4bc2f05-180f-4bba-9de6-893124a856f9/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/bfa8ca8a64dfbdd1b607b72848edc7ed107c90eb72b15c93d520392c201364fd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

img 2341d2eba9d6f7377bbc793e7a380a4d4f220c49cbe6326b6a91996d06c7607e

Executable exe bfa8ca8a64dfbdd1b607b72848edc7ed107c90eb72b15c93d520392c201364fd

(this sample)

  
Dropped by
MD5 37003022d13294405194772e315ffe16
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/70861/
  
Dropped by
SHA256 2341d2eba9d6f7377bbc793e7a380a4d4f220c49cbe6326b6a91996d06c7607e

Comments