MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 23a47b24034f0fd10cd3d88e87ddf16eb5f656d42f748aea79506e232fd162e4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 23a47b24034f0fd10cd3d88e87ddf16eb5f656d42f748aea79506e232fd162e4
SHA3-384 hash: 5ea8d6fc18be17509e4e7853672347ed4d3c6ca550d72b769f5927c5fc32c525fb18e386621af6c66c2e3e5a63bb270f
SHA1 hash: 72791e9f39b2d4612f040577877b55d6434ea284
MD5 hash: f8857a64b973b12cdc68985961cb980a
humanhash: florida-four-wyoming-burger
File name:photos of damaged goods.r00
Download: download sample
Signature AgentTesla
Create hunting rule
File size:680'253 bytes
First seen:2022-06-08 14:53:55 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 12288:T+qXxe/pcwNQZC7aBGPKDhFiVfYlpywfy9PSSCeR4uhO+X1Xgr2A:T+Wxe/aCQBtfiV9RSSzR4uY+X1O2A
TLSH T1A9E423512FEE0E51A06D9A3F8DF31A2513E3B21665D41895047BE2F3EA9560C2CE4FF2
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter cocaman
Tags:AgentTesla r00


Avatar
cocaman
Malicious email (T1566.001)
From: ""General Accountant"<accountant@citicore-interiordesign.com>" (likely spoofed)
Received: "from citicore-interiordesign.com (unknown [45.137.22.110]) "
Date: "08 Jun 2022 16:52:40 +0200"
Subject: "Re: re: Please find the attached letter for more.."
Attachment: "photos of damaged goods.r00"

Intelligence

File Origin
# of uploads :
1
# of downloads :
228
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/23a47b24034f0fd10cd3d88e87ddf16eb5f656d42f748aea79506e232fd162e4/
Threat name:
Win32.Trojan.Woreflint
Create hunting rule
Status:
Malicious
First seen:
2022-06-08 10:29:09 UTC
File Type:
Binary (Archive)
Extracted files:
25
AV detection:
17 of 39 (43.59%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=eoshwjadj4h5cdgt3chipxprn227mvwuf52iv2tzkbxcgl6rmlsa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/23a47b24034f0fd10cd3d88e87ddf16eb5f656d42f748aea79506e232fd162e4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r00 23a47b24034f0fd10cd3d88e87ddf16eb5f656d42f748aea79506e232fd162e4

(this sample)

AgentTesla

Executable exe 8d75529a8c51cb0ba57f63afe69cfbb3af95c5087946ad4de20634c86a5abf3c

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8d75529a8c51cb0ba57f63afe69cfbb3af95c5087946ad4de20634c86a5abf3c
  
Dropping
MD5 3b88fad4833387097746731328746363

Comments