MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1b90f91437c98734475b2153299bee84b506fc9e7e6323106066fdaee2638438. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 2



SHA256 hash: 1b90f91437c98734475b2153299bee84b506fc9e7e6323106066fdaee2638438
SHA3-384 hash: e7f2842790465ba68d54ae9cfbd2df16003bc5ad4b078fe2f696ffba64fd5e9c4d548b98cc46cf466e04d31fc112ccbf
SHA1 hash: 5df0dfeb8efdb56cab85273a3ab29f4461e88819
MD5 hash: 7dcfe9b7dc0855e01286cc586d7336fe
humanhash: comet-queen-zulu-item
File name: P.O. #HBG00356.doc.tar
Signature: AgentTesla
File size: 857'088 bytes
First seen: 2020-11-12 07:45:12 UTC
Last seen: 2020-11-12 14:14:38 UTC
File type: tar
MIME type: application/x-tar
ssdeep: 12288:xBIk8kJZNG3NT0Ad2jLy+isNk3q0frBFCERciqBt8LFVt:xBIP8ZI9TtiiMk3q0frBFLR5qP87
TLSH: E805CF30B265FB56EA381BF4D491E4B80FA42E1F9969D94D3CD03EDF3075B848A05A27
Reporter: cocaman
Tags: AgentTesla tar


cocaman
Malicious email (T1566.001)
From: ""Abdul Rasheed" <arasheedu@yhdo.org>" (likely spoofed)
Received: "from yhdo.org (unknown [185.222.58.102]) "
Date: "12 Nov 2020 05:58:02 -0800"
Subject: "urs.lustenberger@lgpartner.ch P.O APPROVAL-12-11-20 1-12597993276(YHDO LIMITED) "
Attachment: "P.O. #HBG00356.doc.tar"

Intelligence


File Origin
# of uploads: 2
# of downloads: 114
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.NanoBot
Status: Malicious
First seen: 2020-11-12 07:46:04 UTC
File Type: Binary (Archive)
Extracted files: 6
AV detection: 15 of 29 (51.72%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

tar 1b90f91437c98734475b2153299bee84b506fc9e7e6323106066fdaee2638438 (this sample)

Delivery method: Distributed via e-mail attachment
Dropping: AgentTesla
