MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 36c9b5ffdb6ca53110200f29c465aa392ae64b646da3f93762bfc0c153a8ac0d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 36c9b5ffdb6ca53110200f29c465aa392ae64b646da3f93762bfc0c153a8ac0d
SHA3-384 hash: 93dd4881cd79371bb177028d82fdf3fc4a5004cd71987de7101d34e24af4bb0d8cce05e91be5716c8720324ad158bd4a
SHA1 hash: 69390fe540ba414dcbe76d6fe23ce3dd0ca0b999
MD5 hash: 5416857327d6654684ab082b5d2a045e
humanhash: music-ceiling-twenty-massachusetts
File name:Specifications_pdf.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:369'928 bytes
First seen:2020-11-13 06:58:41 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:ttznXSJPdgbJaX/s1m1mPlXdzs8RN6b+DoFF9vo1rhmB7h1hZnouzIZWpHzFndH:jze2UX6ltzlmbRF9ogh1hniCndH
TLSH E174238F934BAD22199C3E4599A15E3ECD42C6D78A76F6B42373D2AA1050033F32FD18
Reporter cocaman
Tags:AgentTesla rar


Avatar
cocaman
Malicious email (T1566.001)
From: "anna@sunzofurniture.com" (likely spoofed)
Received: "from postfix-inbound-4.inbound.mailchannels.net (inbound-egress-5.mailchannels.net [199.10.31.237]) "
Date: "12 Nov 2020 16:53:00 -0800"
Subject: "Enquiry/Specification:Sunzo Furniture"
Attachment: "Specifications_pdf.rar"

Intelligence

File Origin
# of uploads :
1
# of downloads :
110
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27382.Rar5Heur.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/36c9b5ffdb6ca53110200f29c465aa392ae64b646da3f93762bfc0c153a8ac0d/
Threat name:
Win32.Trojan.Bluteal
Create hunting rule
Status:
Malicious
First seen:
2020-11-12 22:25:54 UTC
File Type:
Binary (Archive)
Extracted files:
48
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=g3e3l763nsstcebab4u4iznkhevoms3enwr7sn3cx7amcu5ivqgq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 36c9b5ffdb6ca53110200f29c465aa392ae64b646da3f93762bfc0c153a8ac0d

(this sample)

AgentTesla

Executable exe 1b309fba5ed6a5cca9df11aa42633e07a7c64d3b4474849a0ede645dde5c0a50

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1b309fba5ed6a5cca9df11aa42633e07a7c64d3b4474849a0ede645dde5c0a50
  
Dropping
AgentTesla

Comments