MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2151a51075745d815bc9214b2a266ac5e9c67aa334780f1e2fcd05a0049140e9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 4

SHA256 hash: 2151a51075745d815bc9214b2a266ac5e9c67aa334780f1e2fcd05a0049140e9
SHA3-384 hash: e966837cb672e9201356692c09958fec538fc3b77da49f57383ba9793aa1ae660ba34752d495ee1a3c98c705c881be0d
SHA1 hash: 09c0415f87738d0602deb64186e22651e2ded8df
MD5 hash: a2d22f29b1bc0c0d59d3794cb511abed
humanhash: blue-hawaii-papa-lithium
File name: Inquiry 036536472 doc.pdf.cab
Signature: AgentTesla
File size: 476'200 bytes
First seen: 2021-02-22 07:20:37 UTC
Last seen: Never
File type: cab
MIME type: application/vnd.ms-cab-compressed
ssdeep: 6144:sGZwE/Sh9aL04S3jPbUKkct7cFwqwUqtbymCeIoTLlW+ndxF8cSu+vP4o8dH3CVF:sg/gaL+jEFqMmCDy7dZk4ocHmyGc3NM
TLSH: DAA4236CFF960295D167FF5A2AC7409CC73C11512DE80B83B827A769CC1CE963A832D6
Reporter: abuse_ch
Tags: cab

abuse_ch
Malspam distributing unidentified malware:

HELO: etr0.307.gvuwx.ml
Sending IP: 143.110.148.99
From: Shahrzad Delfani <admin@307.gvuwx.ml>
Subject: Request For Quotation
Attachment: Inquiry 036536472 doc.pdf.cab (contains "Inquiry 036536472 doc.pdf.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 93
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.Tnega
Status: Malicious
First seen: 2021-02-22 00:15:18 UTC
AV detection: 7 of 43 (16.28%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
cab 2151a51075745d815bc9214b2a266ac5e9c67aa334780f1e2fcd05a0049140e9 (this sample)

Delivery method: Distributed via e-mail attachment