MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 47feda8e20386951331681d11787443785b9e237a727b43d1cb63503b67809b8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 2



SHA256 hash: 47feda8e20386951331681d11787443785b9e237a727b43d1cb63503b67809b8
SHA3-384 hash: 3aa109cad9a11608455a6838662186499436d080bafc48970318b7a052ac34279c648bf7d027039e1a9ba2494275483f
SHA1 hash: 1f6c7f7474568a9521b6ee56f3db839f03ea4b0f
MD5 hash: 5e188869d10af32d0cc14c6831e15e1b
humanhash: sodium-music-timing-twenty
File name: SHIPPING DOCUMENTS 0001100028 + DRAFT BILL OF LADING AND PACKING LIST FOR YOUR APPROVAL.rar
Signature: AgentTesla
File size: 291'991 bytes
First seen: 2020-05-28 18:27:34 UTC
Last seen: 2020-05-29 06:34:14 UTC
File type: rar
MIME type: application/x-rar
ssdeep: 6144:CcgGb2aTLWskmYB0Lz8iaGieYQz0Ti14/US/IFdm+DB:Cj2TWskmYB/itYQQT04/n/IFEU
TLSH: E65423B48959E177345E1BE74624F346908BCC9CDCA1EA5FB939F60B124639280A3E73
Reporter: cocaman
Tags: AgentTesla rar


cocaman
Malicious email
From: "NABIL RASHEED" <nabil.rasheed@climax-engineering.com>
Received: from box.climax-engineering.com (box.climax-engineering.com [128.199.36.29])
Date: Thu, 28 May 2020 09:22:27 -0700
Subject: fwd: draft bl & pl for your approval
Attachment: SHIPPING DOCUMENTS 0001100028 + DRAFT BILL OF LADING AND PACKING LIST FOR YOUR APPROVAL.rar

Intelligence


File Origin
# of uploads: 3
# of downloads: 64
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Genkryptik
Status: Malicious
First seen: 2020-05-28 18:36:58 UTC
File Type: Binary (Archive)
Extracted files: 14
AV detection: 16 of 48 (33.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 47feda8e20386951331681d11787443785b9e237a727b43d1cb63503b67809b8 (this sample)

Delivery method: Distributed via e-mail attachment

Comments