MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1d382f1ce9993c6068dcee532623f078050a31fa163c1751b2ae281cb33cf3dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1d382f1ce9993c6068dcee532623f078050a31fa163c1751b2ae281cb33cf3dd
SHA3-384 hash: e2a6f22bd479a955f7d84843cc6b706310c9b685e05b9a86e5ea682871fdfe8bca269271fff6c618d9d525f23f62fc7f
SHA1 hash: 8dbcde70c915ec432bdf69e65a47485dc144c987
MD5 hash: e8ddeccecc781c80359d4fd76dc90926
humanhash: edward-mars-oscar-michigan
File name:file
Download: download sample
Signature AgentTesla
Create hunting rule
File size:598'827 bytes
First seen:2021-01-12 16:40:49 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:EH3NP4C6rfetLLpyC6GuDYcdDJy+g7NXZIhivV0rpYEKxPsEr:OPCZ/GkYcL5ivVJCm
TLSH 01D423641D1BA9F8FA641CC0AD1756B3EAF116C4ED1FE12B778CEE7C0A7185C2682E05
Reporter fabjer
Tags:zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
109
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_pdf.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1d382f1ce9993c6068dcee532623f078050a31fa163c1751b2ae281cb33cf3dd/
Threat name:
ByteCode-MSIL.Backdoor.Androm
Create hunting rule
Status:
Malicious
First seen:
2021-01-12 13:00:25 UTC
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=du4c6hhjte6ga2g45zjsmi7qpacqump2cy6bounsvyubzmz46poq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1d382f1ce9993c6068dcee532623f078050a31fa163c1751b2ae281cb33cf3dd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 1d382f1ce9993c6068dcee532623f078050a31fa163c1751b2ae281cb33cf3dd

(this sample)

AgentTesla

Executable exe 3cdb85efd62add89d7945f62faf3c578d7fa6b5ec68573b1d774265afd46a8ad

  
Dropping
SHA256 3cdb85efd62add89d7945f62faf3c578d7fa6b5ec68573b1d774265afd46a8ad
  
Delivery method
Distributed via e-mail attachment

Comments