MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b9c12bdfdad4308e5cb76ac64dd8eadbfaa8282424aae2d9fd7cc750deeaa525. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b9c12bdfdad4308e5cb76ac64dd8eadbfaa8282424aae2d9fd7cc750deeaa525
SHA3-384 hash: 24527681503c9688a8faf759428b2e5da39d41beb54a9ef0bcd9cc73203d21ef8c0bbcf99d9df55121125146d90b94dd
SHA1 hash: 937a1833914fe6343e765c680e1d84acc4ac1021
MD5 hash: bb4c7f7200276d8ff9c64cf5d76d2bd3
humanhash: eighteen-twenty-venus-ohio
File name:Request for Quotation.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:631'523 bytes
First seen:2020-09-09 06:21:32 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:k33Lp5INS9xshRVRfrTAPwSOgbJ0ZAC0QHlqG0cVweM6q:c3XIs9xsh/FkoSKAxQHlqel7q
TLSH A7D42319118EABFFCC298863BD17D18D5F3F47EF0AB7104A2C95263D6A5461AF817780
Reporter cocaman
Tags:AgentTesla rar


Avatar
cocaman
Malicious email
From: Mawjat Al-Shamal Trading>riyadh.sales@waveautomations-sa.com
Received: from waveautomations-sa.com (unknown [103.133.106.246])
Date: 08 Sep 2020 23:05:25 -0700
Subject: Re: Fw: Request for Quotation - Urgent
Attachment: Request for Quotation.rar

Intelligence

File Origin
# of uploads :
1
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b9c12bdfdad4308e5cb76ac64dd8eadbfaa8282424aae2d9fd7cc750deeaa525/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-09-09 06:23:05 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xhasxx622qyi4xfxnlde3whk3p5kqkbeesvofwp5ptdvbxxkuusq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/b9c12bdfdad4308e5cb76ac64dd8eadbfaa8282424aae2d9fd7cc750deeaa525

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar b9c12bdfdad4308e5cb76ac64dd8eadbfaa8282424aae2d9fd7cc750deeaa525

(this sample)

AgentTesla

Executable exe c3ff2e79a8c6e932bd5c6ba0898916ca3382e27f0d33c153dca12f061bc2c708

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c3ff2e79a8c6e932bd5c6ba0898916ca3382e27f0d33c153dca12f061bc2c708

Comments