MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 43820a949ab867dd20307eb6a83163d343b30a10129e9038e1c1e7b05ff4829f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 43820a949ab867dd20307eb6a83163d343b30a10129e9038e1c1e7b05ff4829f
SHA3-384 hash: 267679cb20872e20d14420e33aaf23dda74e02769f14a3bbd29a394a45c5023f73f9ed23313479c8a0316229827342ce
SHA1 hash: 5d2b27678bef291e1f2ade513c614a24786b0150
MD5 hash: 19bdedabd812bcaec743437c68a61fca
humanhash: sink-washington-solar-september
File name: Zeichnungen Muster.zip
Signature: AgentTesla
File size: 1'611'047 bytes
First seen: 2020-04-22 11:16:19 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 49152:4B9kt+mdHStEFfl1xf95Qcwev4f7dj0tLsAG:4YRH5fl1z5Q/1hIrG
TLSH: CA7533E96A7D28DC36361DB3B91227406C2A182BC22F2D00C5AD71D296E1FE1FB5D359
Reporter: cocaman
Tags: AgentTesla, zip


cocaman
Malicious email
From: dariusz <dariusz@stiens.de>
Received: from pucara.lineadns.com (pucara.lineadns.com [50.28.15.52])
Date: Wed, 22 Apr 2020 07:14:20 -0300
Subject: Re:Re

Intelligence


File Origin
# of uploads: 1
# of downloads: 86
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Virus.Ramnit
Status: Malicious
First seen: 2020-04-22 11:35:28 UTC
File Type: Binary (Archive)
Extracted files: 27
AV detection: 38 of 48 (79.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 43820a949ab867dd20307eb6a83163d343b30a10129e9038e1c1e7b05ff4829f (this sample)

Delivery method: Distributed via e-mail attachment