MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 21155e93b20cdaf60d59f77c1ea87af6976f037f31cc69ee6fafc070c2e4c62c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: 21155e93b20cdaf60d59f77c1ea87af6976f037f31cc69ee6fafc070c2e4c62c
SHA3-384 hash: 6833c77e8decb1dfb53e39cc8034719afaaa058dda8da67cc294afcfc93a5089cf2a7fcdb5d8ab364a8431b43b833e7a
SHA1 hash: aa2bc10080c6849af6effebd6a32de1cc98da7ad
MD5 hash: 42882087fa5b1595451f9f95db51c589
humanhash: johnny-uncle-zebra-romeo
File name: Letter of intent and Non Disclosure Agreement 28052024 scanned from a xerox multifunctional device00000001.rar
Signature: AgentTesla
File size: 654'285 bytes
First seen: 2024-06-03 14:12:31 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:obV9y7/T2c+qdKxOmgfPeqA6voIzWvmBwBqBB2pp4B2w2YQChe4JyEx:obV9y7/pFKxOF7ANIauZBBuVChXx
TLSH: T1B8D4239C16F253D74F89F4BBE99920FD99E33DE2208225B6A011451E05FBB408F747AE
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1)
      20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: activatedalmond
Tags: zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 113
Origin country: CH
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: U6sBC9casFP971t.exe
File size: 0 bytes
SHA256 hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
MD5 hash: d41d8cd98f00b204e9800998ecf8427e
MIME type: inode/x-empty
Signature: AgentTesla
Vendor Threat Intelligence
Threat name: Archive.Trojan.Generic
Status: Suspicious
First seen: 2024-05-28 12:18:04 UTC
File Type: Binary (Archive)
AV detection: 4 of 38 (10.53%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

AgentTesla

zip 21155e93b20cdaf60d59f77c1ea87af6976f037f31cc69ee6fafc070c2e4c62c

(this sample)

Comments



commented on 2024-06-03 14:14:48 UTC

Password is the filename of the contained file (U6sBC9casFP971t in this case).