MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 41ad720e2f7874297da1a5d6f53fceb1639f7451d84baef77bb69252bc6d0eb4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 5



SHA256 hash: 41ad720e2f7874297da1a5d6f53fceb1639f7451d84baef77bb69252bc6d0eb4
SHA3-384 hash: 6bfe3344b5cbd3ecdbe22f9338c4fc54f3122de73fbb5f061c281b691502fc021ea4aeadc18410979b3eeeee7539efd9
SHA1 hash: 844482eb1a684618b791800d9222982fbcb6c2e7
MD5 hash: 6fffbb757cae1a724a1acbbbc6c378af
humanhash: nevada-bravo-beer-iowa
File name: PO-2020-SGL-014 PDF.z
Signature: AgentTesla
File size: 707'065 bytes
First seen: 2021-05-14 05:48:58 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 12288:msCXN5AzN6Fbz7HTtZnTjHMiaWWMR9eQQZS7UVQWStoy1HfJEJB6N8Je5l1z/:ms6JznTb4WLeQQZSZ9NJEKNui1r
TLSH: 0BE4338DC58795741D8FCB05286452836A3F575F0B98ED0E8B8EB4628CBA62EC357373
Reporter: cocaman
Tags: z


cocaman
Malicious email (T1566.001)
From: "Deep Jha<ytueidjsdfh@mausetv.org>" (likely spoofed)
Received: "from mausetv.org (unknown [45.137.22.56]) "
Date: "13 May 2021 14:29:21 -0700"
Subject: "New order PO-2021-SGL-014"
Attachment: "PO-2020-SGL-014 PDF.z"

Intelligence


File Origin
# of uploads: 1
# of downloads: 87
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Woreflint
Status: Malicious
First seen: 2021-05-13 07:17:32 UTC
File Type: Binary (Archive)
Extracted files: 148
AV detection: 16 of 29 (55.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z 41ad720e2f7874297da1a5d6f53fceb1639f7451d84baef77bb69252bc6d0eb4

(this sample)

  
Delivery method: Distributed via e-mail attachment
