MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fc5c1b1b5ea0f43d529c28711f09ae39010969e2af69905ddb8ad294158d57c7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	fc5c1b1b5ea0f43d529c28711f09ae39010969e2af69905ddb8ad294158d57c7
SHA3-384 hash:	1e6cae35526e08bace2122404c95a405b5961ea85b20429a139944c782c27c6c85d8e5714e1645ada3ffbf1ff3a436d9
SHA1 hash:	4285d251971772287616c8f1f435ba4fad5988e1
MD5 hash:	9734059b65b21acd10774f3a906718c4
humanhash:	nebraska-black-mexico-carbon
File name:	SHIPPING DOCUMENTS pdf.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	527'360 bytes
First seen:	2020-07-01 14:37:05 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	5f3e5b8686e990e28a0956a16430ec8f (7 x AgentTesla, 1 x NetWire)
ssdeep	12288:kyZEbYyZiDIBJdDTPpdmouHM29UTeObUsxebk9Clw:kyc+I5feGTusEbeC
Threatray	10'990 similar samples on MalwareBazaar
TLSH	48B42352C1D28132E1650D3567360FB05A69F19B1B2C23A08E68ECBE367A1D9EF50F5F
Reporter	cocaman
Tags:	exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

78

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/17686/

Detection(s):

PUA.Win.Packer.Upx-49

PUA.Win.Packer.UpxProtector-1

PUA.Win.Packer.Upolyx-12

PUA.Win.Packer.Upx-6

PUA.Win.Packer.Upx-4

PUA.Win.Adware.Slugin-6803969-0

PUA.Win.Adware.Slugin-6840354-0

Detection:

agenttesla

Link:

https://mwdb.cert.pl/sample/fc5c1b1b5ea0f43d529c28711f09ae39010969e2af69905ddb8ad294158d57c7/

Threat name:

Win32.Trojan.TrickBot

Status:

Malicious

First seen:

2020-07-01 07:12:54 UTC

File Type:

PE (Exe)

Extracted files:

75

AV detection:

27 of 29 (93.10%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=7robwg26ud2d2uu4fbyr6cnoheaqs2pcv5uzaxo3rljjifmnk7dq._file

Verdict:

malicious

Label(s):

agenttesla

hawkeyekeylogger

Similar samples:

206245d53bb82c709f63b0544db47e0ba5a9822520e332ff818f481f8415f228

2c9caf997f04e5e500275f4660f1a9d629db8a8496629955afa159a614c5f74b

47c8fab622177ddaa495e4b9294c0949be6c7572ef15f831ee7c326af0200ccb

51de766b58a0bc42cddc5a5c347279b788271633f5a99d83a64d9c9c7ea77869

5da4cf63dd4a039633f0ae7091efc702e660369493464956d74979a0d6c6e982

73dc86ee57793216e08fdd43cf42a086245e9d0980b741d62263196295d06bd5

78786a5ff2dbc771a4d1798bfbf2ebc0477b9db30af86b19ee17c8f17fef709e

d13a39457091bca32d5abbf6b42611c1005ec93ff66024461ab7f7c4364f9216

ea39c891ee5af5b1c5d76cb6cfb76cd18e160160fd1a5fe34deec0d240ec7a87

f6cbd42dd07aa22dae1ad0617e9db28998f73d8fa1c528ded46ec284f05cad12

+ 10'980 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/200701-pfb1j5277e/

Behaviour

UPX packed file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

xz ab7d470e4e2d925f8cfc10b91b57105d21bab0f94c7197c228aa14cc71c83ac1

exe fc5c1b1b5ea0f43d529c28711f09ae39010969e2af69905ddb8ad294158d57c7

(this sample)

Delivery method

Other

Dropped by

SHA256 ab7d470e4e2d925f8cfc10b91b57105d21bab0f94c7197c228aa14cc71c83ac1

Cape

Cape

https://www.capesandbox.com/analysis/17686/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample