MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 178ce9bd03e0bee8f3ca31f1b3598a909d7b2749744437bd777e8a54114b3091. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 178ce9bd03e0bee8f3ca31f1b3598a909d7b2749744437bd777e8a54114b3091
SHA3-384 hash: 9bb2a32227a7625ab437b0b3145bb85085c0aa93c9ff077cd1dc94d5cc7d9646e2297e0a642ecd0345153acd2f1cc5d7
SHA1 hash: a7885f9a512e7d9a84ff59b8d566be70d1abe351
MD5 hash: 0b78d7bef3b03e163f0d7d2086cb514b
humanhash: lion-arkansas-delta-connecticut
File name: pdf.rar
Signature: AgentTesla
File size: 458'484 bytes
First seen: 2020-10-21 10:01:13 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:mxoS9IHwVJth/m/H1p+WpzUrpYXv4+kBKas7rLgJ338K:mFjmf+WyywxwvrLgJn8K
TLSH: 9EA42382211637015877AB400E8FBD658E1D3D4B366070F0979FCCD6FAA889A4BB771E
Reporter: abuse_ch
Tags: AgentTesla rar


abuse_ch
Malspam distributing unidentified malware:

HELO: vps.confidencegroup.co
Sending IP: 162.144.54.78
From: ashishachute@confidencegroup.co
Subject: Payment status
Attachment: pdf.rar (contains "pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Spyware.Stelega
Status: Malicious
First seen: 2020-10-20 23:18:46 UTC
AV detection: 20 of 29 (68.97%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 178ce9bd03e0bee8f3ca31f1b3598a909d7b2749744437bd777e8a54114b3091

(this sample)

Delivery method: Distributed via e-mail attachment
