MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1a5699683c97f64dee6536074a783e7f639295a3a899446158a67067854db6ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1a5699683c97f64dee6536074a783e7f639295a3a899446158a67067854db6ad
SHA3-384 hash: 6ce0a6c76f49e8f2f0109bd65eceb3ad074e38b2a9de4b4f3e97179ef6fe91e4f133f22a72afabc5b085240177e6f2e4
SHA1 hash: 5fd3feb8e16923ff68bbe368b6982e87b6e5b2b0
MD5 hash: dab335f66e96f3a1c21f6ffe39e3d27d
humanhash: pasta-sixteen-stairway-edward
File name:Request for Quotation Commercial Offer and Official PriceList for 2020.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:500'013 bytes
First seen:2020-11-17 09:03:14 UTC
Last seen:2020-11-17 09:04:46 UTC
File type: rar
MIME type:application/x-rar
ssdeep 12288:rTrwYlzDRtRsAp5nGuXlKMsUlNC6zdCM4r3Byk7tM:vrVZBjzGOKfq3zdf4Dx7O
TLSH E3B423590A71A14E6DC1C79236D09FF81928E32C862DDCF749CCE2317E21944BED7BA2
Reporter cocaman
Tags:rar


Avatar
cocaman
Malicious email (T1566.001)
From: ""Joyce, Wu" <joyce@caspiexpress.com>" (likely spoofed)
Received: "from box.caspiexpress.com (box.caspiexpress.com [64.227.65.4]) "
Date: "Tue, 17 Nov 2020 00:46:04 -0800"
Subject: "New Business Inquiry"
Attachment: "Request for Quotation Commercial Offer and Official PriceList for 2020.rar"

Intelligence

File Origin
# of uploads :
2
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1a5699683c97f64dee6536074a783e7f639295a3a899446158a67067854db6ad/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-11-17 09:04:06 UTC
File Type:
Binary (Archive)
Extracted files:
16
AV detection:
18 of 28 (64.29%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 1a5699683c97f64dee6536074a783e7f639295a3a899446158a67067854db6ad

(this sample)

AgentTesla

Executable exe da4e120e4586c277edfa8a75a76f502a53c60594caee8b0bdf452220c9c61efb

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 da4e120e4586c277edfa8a75a76f502a53c60594caee8b0bdf452220c9c61efb

Comments