MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1d0f7d5ea71bfb6d51237f674d9a35f86f8913f3e73bb73049c06b6d1c8d6a8c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 6


SHA256 hash: 1d0f7d5ea71bfb6d51237f674d9a35f86f8913f3e73bb73049c06b6d1c8d6a8c
SHA3-384 hash: 2cd6c986b901f03d99faa831260b5a880a9230f5eea5a8e415f6fbe2891bd9d773168e90c615c2c31a2f6cb593e78a19
SHA1 hash: 0473576659ec2da88032ac792f123a5a9d238c94
MD5 hash: 6828688d7554c55358779b68006400f3
humanhash: bulldog-kentucky-high-wisconsin
File name: Pago MEX100046700.r00
Signature: AgentTesla
File size: 535'943 bytes
First seen: 2021-12-28 07:54:47 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 12288:sGa2g3iiKwkCFwIe3blIHBZ/YY1c3kcZmxs94DyHvXs:la2Gu0zQblIHBOY1c3k28
TLSH: T195B423BB27DA792A9778C33C23B231E4352A3E874BBDDB85E75598CC038B51B045912C
Reporter: cocaman
Tags: AgentTesla r00


cocaman
Malicious email (T1566.001)
From: "Alan Antonio Ibarra Garcia <clientes.ocupa1@grupoocupa.com>" (likely spoofed)
Received: "from grupoocupa.com (unknown [185.222.57.171]) "
Date: "25 Dec 2021 13:26:36 +0100"
Subject: "Pago MEX100046700 = USD 72,385"
Attachment: "Pago MEX100046700.r00"

Intelligence


File Origin
# of uploads: 1
# of downloads: 274
Origin country: n/a

Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: fareit obfuscated packed
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Infostealer.DarkStealer
Status: Malicious
First seen: 2021-12-25 11:45:24 UTC
File Type: Binary (Archive)
Extracted files: 19
AV detection: 21 of 43 (48.84%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
  r00 1d0f7d5ea71bfb6d51237f674d9a35f86f8913f3e73bb73049c06b6d1c8d6a8c (this sample)

Delivery method: Distributed via e-mail attachment

Comments