MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2a130953e420198d1d6875bad96efa7943bb33fa533013b809264c394424505c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2a130953e420198d1d6875bad96efa7943bb33fa533013b809264c394424505c
SHA3-384 hash: 9b63f028f2303592e988af9e4f81e203a7a029a8306e04d90371b78c338bb4bb636ec57f56f2960622e165d5a940124f
SHA1 hash: 8bbcf23e87df797356a1bae8a6390a99244d1209
MD5 hash: b97b5285939b8e978d0f5f554337038f
humanhash: diet-missouri-wolfram-early
File name:New_quotation.zip
Download: download sample
File size:81'038 bytes
First seen:2020-10-15 17:19:22 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 1536:vhvb5pKZY/k6rtx7loQF/t6FIPVvrkCNaTL+nlickUYS2VsbYz3iTeEfXuv3u2:B5pEY/kQxWy/t6ONvrkC8TL6HYS2Vsby
TLSH D38302B744D07A629AD6D2B786C87D4D14D47E1B83A0991B3393A88BDE12F2EC13C953
Reporter abuse_ch
Tags:Yahoo zip


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: sonic310-23.consmr.mail.ne1.yahoo.com
Sending IP: 66.163.186.204
From: Sophia Zikri <sophiazikri01@gmail.com>
Reply-To: sophiazikri01@gmail.com
Subject: Re: Sorry for my delay
Attachment: New_quotation.zip (contains "New_quotation.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2a130953e420198d1d6875bad96efa7943bb33fa533013b809264c394424505c/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-10-15 15:42:14 UTC
AV detection:
9 of 48 (18.75%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fijqsu7eeamy2hliow5ns3x2pfb3wm72kmybhoajezgdsrbekboa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2a130953e420198d1d6875bad96efa7943bb33fa533013b809264c394424505c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 2a130953e420198d1d6875bad96efa7943bb33fa533013b809264c394424505c

(this sample)

Executable exe 28c3b9d9bba2222f68a077032220c1a9e354de722f0945bc33a8f7176a1e1377

  
Dropping
MD5 ee5132bfea17f3c0827f935fe83bbd3b
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 28c3b9d9bba2222f68a077032220c1a9e354de722f0945bc33a8f7176a1e1377

Comments