MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0c4d69af26ed7b68eb62a79194bb3a1660fd33c9fa1d539bed4e7a1f9d3a3bf8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0c4d69af26ed7b68eb62a79194bb3a1660fd33c9fa1d539bed4e7a1f9d3a3bf8
SHA3-384 hash: 2d60131e6a629ba7455485950469dd9432613b432b6810a2102710d58436e2d36d8a89a1a0070d7d31e2e3d8e2e3b0e1
SHA1 hash: 3c658c79b54b923af9d469d1d62fa41218091e78
MD5 hash: 2ee9dc577080bacad4b0c21531056016
humanhash: hotel-romeo-fix-ohio
File name:#ENQ67548820.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:710'580 bytes
First seen:2021-04-05 17:40:53 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:08wM+1z39VPxrV+zYkugwgxgiNbjxc23Xbig8x+9vRjg3/VhsmK64dUJPWyDLUxo:NwMMz3975+EkLPxgiNbtckOew/PppPVX
TLSH 17E4336EBA13972B488B5CE107C60CFAF5B11DC262949057DC62749D6FBC023F742AA7
Reporter GovCERT_CH
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
1
# of downloads :
109
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.36638050.32666.27068.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/0c4d69af26ed7b68eb62a79194bb3a1660fd33c9fa1d539bed4e7a1f9d3a3bf8
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0c4d69af26ed7b68eb62a79194bb3a1660fd33c9fa1d539bed4e7a1f9d3a3bf8/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-04-05 06:03:31 UTC
AV detection:
22 of 48 (45.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=brgwtlzg5v5wr23cu6izjoz2czqp2m6j7iovhg7njz5b7hj2hp4a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0c4d69af26ed7b68eb62a79194bb3a1660fd33c9fa1d539bed4e7a1f9d3a3bf8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 0c4d69af26ed7b68eb62a79194bb3a1660fd33c9fa1d539bed4e7a1f9d3a3bf8

(this sample)

AgentTesla

Executable exe 10a2252fa27a963566e6c86ddf0f2e0ce082fd4b5f939f53fc011303b11e9420

  
Dropped by
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 10a2252fa27a963566e6c86ddf0f2e0ce082fd4b5f939f53fc011303b11e9420
  
Dropping
MD5 6bd34f69fe1e86cab1f94b31ba5438c8

Comments