MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 12d718a955a5174553680f0842541b38cddb1c7a26d05ba1600a6166d9800538. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 3

SHA256 hash: 12d718a955a5174553680f0842541b38cddb1c7a26d05ba1600a6166d9800538
SHA3-384 hash: ca395d925c8ba54577955c764845cf6079e6f9449ebf9965c14c4a4203c60236befc3ae6453475b63e44d8636a0ec323
SHA1 hash: e70104010afcb7305f3ff18e3d6ffbd4570176ef
MD5 hash: 4c1dfdef5500bf6e387a8f5cd1e95fbc
humanhash: summer-arkansas-london-arkansas
File name: Ref 202271809.zip
Signature: AgentTesla
File size: 541'590 bytes
First seen: 2020-08-27 08:06:05 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:45ZVc4GG+firTBoVjnhjjfI/2iHgqaqk8DuRkVxZRU41Lfs:KcXrfirloV9fI+kiXIV+
TLSH: 7EB423DBBDFAE8D428151A03A61510FC43542469B5F39769C46BC492F60A8E1E9F0FDC
Reporter: abuse_ch
Tags: AgentTesla Endurance zip


abuse_ch
Malspam distributing unidentified malware:

HELO: 162-144-100-85.unifiedlayer.com
Sending IP: 162.144.38.36
From: PAY-U INDIA <enquiry@oxy99.in>
Reply-To: PAY-U INDIA <enquiry@oxy99.in>
Subject: INCORRECT BANK DETAILS FOR PAYMENT
Attachment: Ref 202271809.zip (contains "Ref 202271809.pdf")

Intelligence

File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.Bladabhindi
Status: Malicious
First seen: 2020-08-27 08:07:04 UTC
AV detection: 20 of 29 (68.97%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam: AgentTesla
zip 12d718a955a5174553680f0842541b38cddb1c7a26d05ba1600a6166d9800538 (this sample)

Delivery method: Distributed via e-mail attachment

Comments