MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 29a6de2c6e06ba50e91fc7da92e1f9f0b5d4427d0fbe8b8242a201ecb3410d1a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 29a6de2c6e06ba50e91fc7da92e1f9f0b5d4427d0fbe8b8242a201ecb3410d1a
SHA3-384 hash: dc0d63a67eedb3c09c211b6ceeee5eb94a7c6ac16a5ceca40a7830fb51f667c7d8b9789c9d3787bfca16fcefd47687e8
SHA1 hash: 25d37f4a6491932aa5805831e84a814faf98c8fe
MD5 hash: 65e7c8a5b018aa7cb5e6ccf95f301069
humanhash: zulu-monkey-undress-uranus
File name:New Purchase Order.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:455'809 bytes
First seen:2020-06-10 12:25:42 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:vDM2SoYQq2LIAoMtcfkRTuIvbv/IXUseM8ZL3gBq5fL:vDFFYQ1oacfExTMeM8Zjgm
TLSH 1FA423E7DEF39652AD31F0C67C3A0EE15618EBC57CBF0224604E6A294A479FBB950113
Reporter cocaman
Tags:AgentTesla rar


Avatar
cocaman
Malicious email
From: Darshit Patel>darshit.patel@bray.com
Received: from bray.com (unknown [103.151.124.95])
Date: 10 Jun 2020 05:17:11 -0700
Subject: Re: New Purchase Order
Attachment: New Purchase Order.rar

Intelligence

File Origin
# of uploads :
1
# of downloads :
57
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Backdoor.NanoCore
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 07:32:32 UTC
File Type:
Binary (Archive)
Extracted files:
5
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fgtn4ldoa25fb2i7y7njfypz6c25iqt5b67ixascuia6zm2bbuna._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 29a6de2c6e06ba50e91fc7da92e1f9f0b5d4427d0fbe8b8242a201ecb3410d1a

(this sample)

AgentTesla

Executable exe 2b115e42d37b2c740cf134413b64a79dd1486a08766d0d53a1fa70c9066163a3

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2b115e42d37b2c740cf134413b64a79dd1486a08766d0d53a1fa70c9066163a3
  
Dropping
AgentTesla

Comments