MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0b98832cd02b45119f6dd5260cf38c518089a03daa7b46e2462d43d9dd92236a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0b98832cd02b45119f6dd5260cf38c518089a03daa7b46e2462d43d9dd92236a
SHA3-384 hash: 23a1d8ba3d390ddbe99a56ef2e55a9f1019824525f8b19e231bc5c1dae5c6283b8ff8f7624cdec09cb20b0cbc1a04d97
SHA1 hash: 3869bc4160c3f5bdd12f826d42424e2407390db9
MD5 hash: 262bf1e3d80e1cb63c6523d8550fa52e
humanhash: moon-cat-triple-winter
File name:Documents.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:510'178 bytes
First seen:2020-08-13 09:07:31 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:hIWfBECk/K4HIyNUgg1JRPm26XP5QY21+BE:hCl/NIyNUZvRO2UFpm
TLSH 45B423D18471EE393FD288AACC388474E3DEC499372BE1BADAB449F067E3564574260D
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: out1-71.antispamcloud.com
Sending IP: 185.201.16.71
From: purchase.bng@mundipharmabangladesh.com
Subject: MTB INQUIRY_OFFER N. : 46478/2020 Rev.1_AC CAMPOS
Attachment: Documents.rar (contains "CK5lbqKHjGUSdnq.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0b98832cd02b45119f6dd5260cf38c518089a03daa7b46e2462d43d9dd92236a/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-08-13 09:09:05 UTC
AV detection:
10 of 48 (20.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bomiglgqfncrdh3n2utaz44mkgaitib5vj5unysgfvb5txmsenva._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/0b98832cd02b45119f6dd5260cf38c518089a03daa7b46e2462d43d9dd92236a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 0b98832cd02b45119f6dd5260cf38c518089a03daa7b46e2462d43d9dd92236a

(this sample)

AgentTesla

Executable exe dc5e3bcef2f3b34680f39535d4f51d348f2bd4ef5bc9eba14ab97cf01b81a554

  
Dropping
MD5 25709e29871d9908896db74fd170c80d
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 dc5e3bcef2f3b34680f39535d4f51d348f2bd4ef5bc9eba14ab97cf01b81a554

Comments