MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 647e4a06ecaf7d9f5f992c7e52bb985bdc0e2000c2ccbdda5bb68ca78ede2e12. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 647e4a06ecaf7d9f5f992c7e52bb985bdc0e2000c2ccbdda5bb68ca78ede2e12
SHA3-384 hash: 3163aac5bc2cf2d3a83e999ee49a4c7d7fbae2126d551894ca03cec4170f4e7b824a84eb688f7dd4cda3d7567a926d78
SHA1 hash: ffe90a04a859ce2950e2a4c1c7afb371ec49ffeb
MD5 hash: e5859430e43ff8511f67620c401392bf
humanhash: winter-sad-nine-oxygen
File name:LIST0117398902791PDF.7z.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:530'799 bytes
First seen:2020-08-31 12:57:00 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:bFLFT5PInWjbsA+j2YO/jM40d7SZ6V2fNeQah69S1hI1kdnqQ+B9M:bFRTqn53jWL02v9Dga1kEQmm
TLSH 02B4330DA17D73A13A50E657E5CAB178381DAAF65DE37A79EC485B03720699C0B370F0
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

From: Commercial office <sales@higinfu.com>
Reply-To: cbuccioliatlgroupit@vivaldi.net
Subject: Offer
Attachment: LIST0117398902791PDF.7z.rar (contains "LIST0117398902791PDF.7z.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/647e4a06ecaf7d9f5f992c7e52bb985bdc0e2000c2ccbdda5bb68ca78ede2e12/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-31 06:04:42 UTC
AV detection:
2 of 48 (4.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mr7eubxmv56z6x4zfr7ffo4ylpoa4iaaylgl3ws3w2gkpdw6fyja._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/647e4a06ecaf7d9f5f992c7e52bb985bdc0e2000c2ccbdda5bb68ca78ede2e12

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 647e4a06ecaf7d9f5f992c7e52bb985bdc0e2000c2ccbdda5bb68ca78ede2e12

(this sample)

AgentTesla

Executable exe d4eec3387fde66fc5b45135db86b9fcdebcb75e199fe9be1a834d89cac6b9d13

  
Dropping
MD5 68f96495af73a997500b00b2a88b599b
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d4eec3387fde66fc5b45135db86b9fcdebcb75e199fe9be1a834d89cac6b9d13

Comments