MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 97b9977f279f7aab5a088bb4324ad745abab63c9061f05f5623bd10389c85350. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 97b9977f279f7aab5a088bb4324ad745abab63c9061f05f5623bd10389c85350
SHA3-384 hash: 09f212f5f7ac91f652ca7a1b12bd98011f6355e4df2db9b6e35bf90cb61d04e2d49c7f52675019db358041694a07ba4f
SHA1 hash: 0c7da77f94d7ae331f196c75d36a8fabea7cca36
MD5 hash: 322c157ce863839f9dc8eef76ee83540
humanhash: pip-may-fifteen-sixteen
File name:Corona equipments.r00
Download: download sample
Signature AgentTesla
Create hunting rule
File size:531'164 bytes
First seen:2020-04-14 17:45:55 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 12288:EQ+iY4Fqc1caFb4a3mnS7AHgC7+U/lzT257Bg6ArdHkDw2:GZ4FwPG6h7+UtHY7Bg66EDw2
TLSH EAB423953BD1F242309F31B708EDC7278C1112BC13BB69177936B81E042A6F986E6EE5
Reporter abuse_ch
Tags:AgentTesla COVID-19 r00


Avatar
abuse_ch
COVID-19 themed malspam distributing AgentTesla:

HELO: adcem.com
Sending IP: 103.99.1.142
From: Ben Dile<adcemstore@adcem.com>
Subject: Re: Urgent Covid-19 (Equipment)
Attachment: Corona equipments.r00 (contains "Corona equipments.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-14 18:35:37 UTC
File Type:
Binary (Archive)
Extracted files:
61
AV detection:
21 of 30 (70.00%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=s64zo7zht55kwwqiro2deswxiwv2wy6jaypql5lchpiqhcoiknia._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r00 97b9977f279f7aab5a088bb4324ad745abab63c9061f05f5623bd10389c85350

(this sample)

AgentTesla

Executable exe 2317f17463f1afca13682f949cc61f1d6bc123e681d12a7d645216a0650eae87

  
Dropping
MD5 a8aa9233c43c081c7950b05b79a1d1b1
  
Dropping
SHA256 2317f17463f1afca13682f949cc61f1d6bc123e681d12a7d645216a0650eae87
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2317f17463f1afca13682f949cc61f1d6bc123e681d12a7d645216a0650eae87

Comments