MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3ed09e65be5f3516f86156b1ac2cb370dd2a826f123b42f74bebd1a3e42cc3d0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3ed09e65be5f3516f86156b1ac2cb370dd2a826f123b42f74bebd1a3e42cc3d0
SHA3-384 hash: fd979d36f499654f9628ae96c74964d368936c7ce7e383c2a182109ea6e29ed4c390cadedc224afb4f30005581287e00
SHA1 hash: 21df94f39990014ec8fb02a2d2172691ac69ec99
MD5 hash: 6ccdafe751fdc206798481c7281f0ec7
humanhash: sweet-eleven-massachusetts-arkansas
File name:YKRAB010B_KHE_Preminary Packing List.xlsx.cab
Download: download sample
Signature AgentTesla
Create hunting rule
File size:714'418 bytes
First seen:2021-02-22 07:25:07 UTC
Last seen:2021-02-26 13:34:41 UTC
File type: cab
MIME type:application/vnd.ms-cab-compressed
ssdeep 12288:nYsHFpcUZfUOYrw3nDYu5Mj6DyamVQJ7FH7eVqbJy0QQ78ip:dOOY2nku5Mj6DyayQJhqVqRX8E
TLSH D7E4330DD495F99544EAECCAB21E3C8BFB45FEC17D8C81C255B826A9744180F66B3C2B
Reporter abuse_ch
Tags:cab


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: etr0.322.gvuwx.ml
Sending IP: 143.198.16.10
From: chendong/Chen Dong(COSCOKOREA SEOUL) <chen.dong@coscokorea.com>
Subject: RE: Inquire the PDA and port information
Attachment: YKRAB010B_KHE_Preminary Packing List.xlsx.cab (contains "YKRAB010B_KHE_Preminary Packing List.xlsx.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
110
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.DrodCab-A.23935.27492.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3ed09e65be5f3516f86156b1ac2cb370dd2a826f123b42f74bebd1a3e42cc3d0/
Threat name:
Win32.Trojan.Tnega
Create hunting rule
Status:
Malicious
First seen:
2021-02-22 03:29:54 UTC
AV detection:
7 of 47 (14.89%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=h3ij4zn6l42rn6dbk2y2ylftodosvatpci5uf52l5pi2hzbmypia._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

cab 3ed09e65be5f3516f86156b1ac2cb370dd2a826f123b42f74bebd1a3e42cc3d0

(this sample)

AgentTesla

Executable exe 7a44d661f4c1ac837b0045dc28562b098cb66b5e371bda8a79ef00000fa66a65

  
Dropping
MD5 9a06197daf40639c61cc898e8db91340
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7a44d661f4c1ac837b0045dc28562b098cb66b5e371bda8a79ef00000fa66a65

Comments