MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0dd2a6ca67c70f2ee8ea51edecf5612ecfe5ea0cbe8d888532bd16f05e9699a3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0dd2a6ca67c70f2ee8ea51edecf5612ecfe5ea0cbe8d888532bd16f05e9699a3
SHA3-384 hash: 7384bd1f2c51c1483d29295d7e52c5e167f68f95e9206843db85cdbc5e96e64b23ba7fd93cac1f23e3f9034bd5aae7ab
SHA1 hash: 58b6fb409a3989cb4aadf885e46218042e42afb6
MD5 hash: 0d37233d492d50d9979e03ad063b913e
humanhash: delta-uranus-west-nine
File name:BL # SUN20110498.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:569'811 bytes
First seen:2020-12-05 07:21:38 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:tMF+RPv5Va+SQUR+EU5Ab1zvhxteyV4XmTGowZaskY1uQnaPlg:tMF+5ulJ+Eh1zRvV4XdRCwilg
TLSH DCC4235A4844D6A015396F97E827A4AC4F3F9F0482D1F2983AE8CF1C6F13D526D1B2F6
Reporter cocaman
Tags:AgentTesla rar


Avatar
cocaman
Malicious email (T1566.001)
From: "Hemanth Karthick<docs@lom-logistics.com>" (likely spoofed)
Received: "from lom-logistics.com (unknown [103.99.1.174]) "
Date: "4 Dec 2020 20:45:02 -0800"
Subject: "SUEZ CANAL/20008W/ MBL NO:KMTCPUSD619061//HBL:SUN20110498/SHIPPER:LOTTE FINE CHEMICAL CO.,LTD /CONSIGNEE:ANSHUL LIFE SCIENCES /ETD:04.12.2020/ETA:27.12.2020"
Attachment: "BL # SUN20110498.rar"

Intelligence

File Origin
# of uploads :
1
# of downloads :
282
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.28939.7292.UNOFFICIAL
Create hunting rule

Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0dd2a6ca67c70f2ee8ea51edecf5612ecfe5ea0cbe8d888532bd16f05e9699a3/
Threat name:
ByteCode-MSIL.Trojan.Malrep
Create hunting rule
Status:
Malicious
First seen:
2020-12-05 07:22:08 UTC
File Type:
Binary (Archive)
Extracted files:
65
AV detection:
11 of 28 (39.29%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bxjknsthy4hs52hkkhw6z5lbf3h6l2qmx2gyrbjsxulpaxuwtgrq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/0dd2a6ca67c70f2ee8ea51edecf5612ecfe5ea0cbe8d888532bd16f05e9699a3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 0dd2a6ca67c70f2ee8ea51edecf5612ecfe5ea0cbe8d888532bd16f05e9699a3

(this sample)

AgentTesla

Executable exe e463978735f615b42931f614c058f5596e21a50fbb226bb235c038c2a1e129e2

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e463978735f615b42931f614c058f5596e21a50fbb226bb235c038c2a1e129e2
  
Dropping
AgentTesla

Comments