MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 201c8a1f8828c90701be1bb3a775985d99f339a9a3b60174a77f590f0a885741. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4



SHA256 hash: 201c8a1f8828c90701be1bb3a775985d99f339a9a3b60174a77f590f0a885741
SHA3-384 hash: d3b491374471d20d2cb74e2d607ad083d40e03ab20d82a33c824183fd0a9c4b5bc37d55415494ff1f072132897881efe
SHA1 hash: cd778a8c51140ec0fad47ccfd5ce08d1ed22813c
MD5 hash: a33517d8043c2d2a2148f24cbd2d071a
humanhash: sink-ack-nevada-bravo
File name: April New Order.gz
Signature: AgentTesla
File size: 459'026 bytes
First seen: 2021-04-01 05:41:21 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 12288:tT5rDV/PrsTCVCeBXKDIsPpgeXpVcz8Mx2ogrs:PrDpPrsTCVPaRKsSh2Ds
TLSH: 49A423F232657F84D1E9636FC2C50E6B943125BBE2B39A13B9FF4803A526850317817E
Reporter: cocaman
Tags: gz


cocaman
Malicious email (T1566.001)
From: "gerdautradingvistra.co@cayman.com" (likely spoofed)
Received: "from postfix-inbound-9.inbound.mailchannels.net (inbound-egress-5.mailchannels.net [199.10.31.237]) "
Date: "31 Mar 2021 16:11:11 -0700"
Subject: "RFQ: NEW ORDER FOR APRIL"
Attachment: "April New Order.gz"

Intelligence


File Origin
# of uploads: 1
# of downloads: 81
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 201c8a1f8828c90701be1bb3a775985d99f339a9a3b60174a77f590f0a885741 (this sample)

Delivery method: Distributed via e-mail attachment

Comments