MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 24dcc400a7042e3ba2f05de31d641a44c52eaf522ed06f9aa1a3345f8d8cc65e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 4

SHA256 hash: 24dcc400a7042e3ba2f05de31d641a44c52eaf522ed06f9aa1a3345f8d8cc65e
SHA3-384 hash: d55307284e86b5d047a668a47a1a5eb145554f1416a220c64e5f3bb3092da9feeee781e7b9e22891cd16f827b005540b
SHA1 hash: 781e4eec75ef85afd2be7cb96b004c6fc0d875e1
MD5 hash: 1b12c21df329ee0da68576e1b1347568
humanhash: mike-snake-butter-virginia
File name: ΤΙΜΟΛΟΓΙΟ ΦΠΑ__pdf____________________________pdf____pdf_.gz (Greek: "VAT INVOICE")
Signature: AgentTesla
File size: 419'389 bytes
First seen: 2021-03-01 15:36:24 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 12288:YrEdgvLVRDVhge5avF973u5WtFQ9XXyPM7hFXh:YrEeLVXh95avF9yV9nyklD
TLSH: 05942315BC61FD4F9819D63F7724F7054C12EF0381BBAAFB5DC4A78A1A5A038029BE52
Reporter: cocaman
Tags: gz


cocaman
Malicious email (T1566.001)
From: "Mohammed Masaud <gchris46@ford.com>" (likely spoofed)
Received: "from ford.com (unknown [95.211.209.158]) "
Date: "01 Mar 2021 09:36:53 -0500"
Subject: "RE: INQUIRY"
Attachment: "ΤΙΜΟΛΟΓΙΟ ΦΠΑ__pdf____________________________pdf____pdf_.gz"
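Two details of this entry invite a mechanical check rather than eyeballing: the metadata records the file type as gz while the MIME type is application/x-rar, and the attachment name in the reporter's comment repeats the token "pdf" between long runs of underscores so that the real .gz extension is pushed out of view in a mail client's attachment list. The following added example is not part of the MalwareBazaar page or of the reporter's comment. It sniffs the container from its magic bytes, compares that with what the final extension claims, and flags the padded double-extension pattern. Only the file name is taken from the entry; the RAR and gzip byte strings are constructed stand-ins, not the real sample, and the function names are this example's own.

```python
import re
from typing import List, Tuple

# Leading-byte signatures for the container types this entry involves.
MAGIC = {
    "gzip": (b"\x1f\x8b",),
    "rar": (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00"),  # RAR 4.x, RAR 5
    "zip": (b"PK\x03\x04",),
    "pdf": (b"%PDF-",),
}

# What a final extension claims the content is.
EXT_TO_TYPE = {"gz": "gzip", "tgz": "gzip", "rar": "rar", "zip": "zip", "pdf": "pdf"}

# The name is taken from the entry; the byte strings are constructed stand-ins,
# not the real sample (the real one is 419'389 bytes).
SAMPLE_NAME = "ΤΙΜΟΛΟΓΙΟ ΦΠΑ__pdf____________________________pdf____pdf_.gz"
CONSTRUCTED_RAR_BYTES = b"Rar!\x1a\x07\x01\x00" + b"\x00" * 24
CONSTRUCTED_GZIP_BYTES = b"\x1f\x8b\x08\x00" + b"\x00" * 24


def sniff_type(data: bytes) -> str:
    """Identify the container from its magic bytes, ignoring the file name."""
    for kind, sigs in MAGIC.items():
        if data.startswith(sigs):  # bytes.startswith accepts a tuple of prefixes
            return kind
    return "unknown"


def split_ext(name: str) -> Tuple[str, str]:
    """Return (stem, lowercased final extension); extension is '' when absent."""
    stem, dot, ext = name.rpartition(".")
    return (stem, ext.lower()) if dot else (name, "")


def name_findings(name: str) -> List[str]:
    """Flag double-extension and underscore-padding tricks in an attachment name."""
    findings = []
    stem, final_ext = split_ext(name)
    # Tokenise the stem on dots, underscores and whitespace so that
    # "...__pdf____pdf_" yields the token "pdf" several times.
    tokens = [t.lower() for t in re.split(r"[._\s]+", stem) if t]
    claimed = [t for t in tokens if t in EXT_TO_TYPE and t != final_ext]
    if claimed:
        findings.append(f"name shows '{claimed[-1]}' but the real extension is '{final_ext or '(none)'}'")
    longest_pad = max((len(run) for run in re.findall(r"_+", name)), default=0)
    if longest_pad >= 8:
        findings.append(f"{longest_pad} consecutive underscores pad the name so the real extension scrolls out of view")
    return findings


def triage(name: str, data: bytes) -> List[str]:
    """Combine the name checks with an extension-versus-content comparison."""
    findings = name_findings(name)
    _, final_ext = split_ext(name)
    declared = EXT_TO_TYPE.get(final_ext, "unknown")
    actual = sniff_type(data)
    if actual != declared:
        findings.append(f"extension '{final_ext or '(none)'}' implies {declared} but the content is {actual}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_NAME, CONSTRUCTED_RAR_BYTES):
        print("-", finding)
```

Run against the constructed RAR bytes under the entry's file name, `triage` returns three findings: the name shows "pdf" while the real extension is "gz", the long underscore run, and a gz extension on RAR content. A benign "invoice.gz" holding gzip bytes returns none. The magic-byte check is what matters in a mail gateway or sandbox pipeline, since the MIME type a submitter or client reports can be derived from the extension and is no more trustworthy than the name itself.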

Intelligence


File Origin
# of uploads: 1
# of downloads: 101
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2021-03-01 15:37:05 UTC
File Type: Binary (Archive)
Extracted files: 33
AV detection: 9 of 29 (31.03%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla, gz 24dcc400a7042e3ba2f05de31d641a44c52eaf522ed06f9aa1a3345f8d8cc65e (this sample)

Delivery method: Distributed via e-mail attachment

Comments