MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 969096f196845e817272caf19012347eea2006e38c8e988c28a73c0543b1d938. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 969096f196845e817272caf19012347eea2006e38c8e988c28a73c0543b1d938
SHA3-384 hash: 5b24aa0312aa82acee755a66312e1b0646fca1f84aa71974fce9f443f04d95ce2b8d01657aaecbfe6df261d41d085530
SHA1 hash: 5a60ab1e723e44f7eabb139569650e3fc1bc071e
MD5 hash: ba571f7046bac4762146173b6341a90e
humanhash: paris-whiskey-echo-orange
File name: UNPAID INVOICES VENKTRON TRN S.O.A #100038927800003.pdf.r15
Signature: AgentTesla
File size: 945'146 bytes
First seen: 2020-05-01 14:32:59 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 24576:xzjSrQDrjINZjXK5oC/1rd+Qr75iOIo3smua:xirOjuta5oCtZ1iJhda
TLSH: 0A15337D3E60E0B9D45D8704C69C0656A3C8999D2298830F7E0AEA3FC4C5B9B6CFD725
Reporter: cocaman
Tags: AgentTesla r15


cocaman
Malicious email
From: "Ms.Ethiel Flories"<lment@qwestoffice.net>
Received: from qwestoffice.net (unknown [191.101.130.212])
Date: 01 May 2020 07:26:15 -0700
Subject: FW: Payments//VENKTRON TRN #100038927800003
Attachment: UNPAID INVOICES VENKTRON TRN S.O.A #100038927800003.pdf.r15

Intelligence


File Origin
# of uploads: 1
# of downloads: 78
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Predator
Status: Malicious
First seen: 2020-05-01 19:46:00 UTC
File Type: Binary (Archive)
Extracted files: 12
AV detection: 18 of 31 (58.06%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 969096f196845e817272caf19012347eea2006e38c8e988c28a73c0543b1d938

(this sample)

  
Delivery method: Distributed via e-mail attachment
Dropping: AgentTesla

Comments