MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f9bf72f5f929517c7a7c307c1d851648229f49bcd7a6c43e6b9b613c3da239fd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f9bf72f5f929517c7a7c307c1d851648229f49bcd7a6c43e6b9b613c3da239fd
SHA3-384 hash: 8b62ac663d1bb48961221977a02690b5c2a8a2460e164d020631f0338f5f5c8319a76882afc0dea6fb81d628629947f9
SHA1 hash: 3f1c5cefdfdccba31a783932f9ffa6ffbdfbc3b7
MD5 hash: d8ba9efc89a1903a90ae719b296d4601
humanhash: eighteen-mirror-seventeen-winner
File name:Payment copy.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:484'014 bytes
First seen:2020-08-13 05:50:48 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:qO9Wr9vyv9zpYFoek7py+//e2C7EJSIujC0bcnX2O:qO9WrNS9yksWC7hId0yL
TLSH 42A423DCF0C63C5E3369A92276CAF8BC5DDFF4B2BA53D0381D5DA891161A9831EE1184
Reporter cocaman
Tags:AgentTesla rar


Avatar
cocaman
Malicious email
From: "KARL Sung Kee" <s.nasrollahi@aiti.org.ir>
Received: from mail.hooberhost.com (unknown [91.98.97.245])
Date: Wed, 12 Aug 2020 03:37:29 +0100
Subject: Re : Payment
Attachment: Payment copy.rar

Intelligence

File Origin
# of uploads :
1
# of downloads :
59
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27419.Rar5Heur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f9bf72f5f929517c7a7c307c1d851648229f49bcd7a6c43e6b9b613c3da239fd/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-08-12 02:22:41 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7g7xf5pzffixy6t4gb6b3biwjarj6sn426tmiptltnqtypnchh6q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/f9bf72f5f929517c7a7c307c1d851648229f49bcd7a6c43e6b9b613c3da239fd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar f9bf72f5f929517c7a7c307c1d851648229f49bcd7a6c43e6b9b613c3da239fd

(this sample)

AgentTesla

Executable exe 06a43f2e4a6820a9356cdcd8b6d7eeb504c5f7152200f332ddbf014bdf8e7fbb

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 06a43f2e4a6820a9356cdcd8b6d7eeb504c5f7152200f332ddbf014bdf8e7fbb
  
Dropping
AgentTesla

Comments