MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 36f184544082705a29fdad2aee11ad99133317ad4798ec22b37ef7c2311a2ba1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 3

SHA256 hash: 36f184544082705a29fdad2aee11ad99133317ad4798ec22b37ef7c2311a2ba1
SHA3-384 hash: b1371417aae60e8be277ba5096c94f78f8cd20bf41fd3f3f490808ddd923f0d18c833baa8f1b23f426efb0905843d6ef
SHA1 hash: 07c589b0635fec12ef95439f44fa330fb1eb8af7
MD5 hash: a75cdc1735cb2fd47940cccaa5b219e5
humanhash: zulu-neptune-minnesota-happy
File name: PI-AAA asssa.pdf.rar
Signature: AgentTesla
File size: 378'928 bytes
First seen: 2020-07-03 05:38:44 UTC
Last seen: 2020-07-03 05:38:53 UTC
File type: rar
MIME type: application/x-rar
ssdeep: 6144:K5VfO5jYXIQt54nfdQ2nENhSaK/U9jeSOFxBELX+CGPMs7YVfa1CB/pvwTAo:CVmOIQt54nmXhSNUVY3ELX+CGUs7z1qI
TLSH: 1B842386D2291A0F416A3E8DBB597A186F3D738777478A8D3993348DED311EC38185F2
Reporter: cocaman
Tags: AgentTesla rar


cocaman
Malicious email
From: Umit KUCUKKAVRUK <sales@guneycelik.com.tr>
Received: from guneycelik.com.tr (unknown [95.211.208.23])
Date: 3 Jul 2020 04:20:07 -0700
Subject: Fw: proforma invoice
Attachment: PI.proforma invoice.pdf

Intelligence


File Origin
# of uploads: 2
# of downloads: 72
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-03 05:40:07 UTC
File Type: Binary (Archive)
Extracted files: 5
AV detection: 16 of 29 (55.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam -> AgentTesla -> rar 36f184544082705a29fdad2aee11ad99133317ad4798ec22b37ef7c2311a2ba1 (this sample)

Delivery method: Distributed via e-mail attachment
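As an added example that is not part of the MalwareBazaar entry, the following Python triage script shows how the hashes and file name listed above are used in practice: it computes the same four digests MalwareBazaar publishes (MD5, SHA1, SHA256, SHA3-384) for a local attachment, matches them against this entry's hashes, checks whether the bytes really carry a RAR signature as the entry's MIME type says, and flags the "document.pdf.rar" style double extension of the reported file name. The sample bytes in the block are constructed stand-in data (a RAR header plus padding), not the actual sample, so they match none of the entry's digests; the extension lists and the verdict labels are the example's own assumptions.

```python
import hashlib

# Digests copied from this MalwareBazaar entry; they form the IOC set that a
# suspicious attachment is matched against. Not the sample itself.
ENTRY_IOCS = {
    "md5": "a75cdc1735cb2fd47940cccaa5b219e5",
    "sha1": "07c589b0635fec12ef95439f44fa330fb1eb8af7",
    "sha256": "36f184544082705a29fdad2aee11ad99133317ad4798ec22b37ef7c2311a2ba1",
    "sha3_384": (
        "b1371417aae60e8be277ba5096c94f78f8cd20bf41fd3f3f490808ddd923f0d1"
        "8c833baa8f1b23f426efb0905843d6ef"
    ),
}

# Archive header signatures: RAR 1.5-4.x ("Rar!\x1a\x07\x00") and RAR 5
# ("Rar!\x1a\x07\x01\x00"). bytes.startswith accepts a tuple of prefixes.
RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")

# Assumed lists (not from the entry): extensions a recipient reads as
# "a document", and the archive/script extensions that, appended after one
# of them, produce the lure name. "PI-AAA asssa.pdf.rar" is one instance.
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
CONTAINER_EXTS = {"rar", "zip", "7z", "iso", "img", "exe", "scr", "js", "vbs"}


def digests(data: bytes) -> dict:
    """Compute the four digests MalwareBazaar publishes per sample.
    ssdeep, TLSH and humanhash need third-party libraries and are skipped."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def is_rar(data: bytes) -> bool:
    """True if the bytes carry a RAR archive signature, whatever the name says."""
    return data.startswith(RAR_MAGICS)


def deceptive_double_extension(filename: str) -> bool:
    """True for names like invoice.pdf.rar: a document extension immediately
    followed by an archive or script extension."""
    parts = filename.lower().rsplit(".", 2)
    if len(parts) < 3:
        return False
    return parts[1] in DOCUMENT_EXTS and parts[2] in CONTAINER_EXTS


def triage(filename: str, data: bytes, iocs: dict = ENTRY_IOCS) -> dict:
    """Hash an attachment, match it against the IOC set and rate it.

    Precedence: any digest match is 'known_bad'; otherwise a lure-style name
    or a RAR body hiding behind a non-.rar name is 'suspicious'; else
    'no_match', which is not 'clean': only this one entry was consulted.
    """
    d = digests(data)
    matched = sorted(alg for alg, h in d.items() if iocs.get(alg) == h)
    rar = is_rar(data)
    lure_name = deceptive_double_extension(filename)
    masquerade = rar and not filename.lower().endswith(".rar")
    if matched:
        verdict = "known_bad"
    elif lure_name or masquerade:
        verdict = "suspicious"
    else:
        verdict = "no_match"
    return {
        "digests": d,
        "is_rar": rar,
        "double_extension": lure_name,
        "ioc_match": matched,
        "verdict": verdict,
    }


if __name__ == "__main__":
    # Constructed stand-in bytes: a RAR4 header plus padding, NOT the sample.
    fake = b"Rar!\x1a\x07\x00" + b"\x00" * 64
    print(triage("PI-AAA asssa.pdf.rar", fake))
```

Matching on all four digests rather than SHA256 alone is deliberate: feeds and mail-gateway logs often record only MD5 or SHA1, and the lookup still works when only one of them is available. The file-name and magic-byte checks catch the delivery pattern this entry documents (an archive named like a PDF invoice) even for a re-packed variant whose hashes differ.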

Comments