MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 49bc3635a90cfffb37878559685f7865563ba8cb7e7b9e8afbc33d02c81d0914. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 49bc3635a90cfffb37878559685f7865563ba8cb7e7b9e8afbc33d02c81d0914
SHA3-384 hash: c9a3851222e5fa1441f71f71bf0e4e354396a8dfbb5040acfec74e00dc1b277584597c42ac94ebc7b3f97763059beb94
SHA1 hash: 32cc8055e090e211ca2862fcc688a6f03070bfa1
MD5 hash: bb6caee116bd5710f33b8bbc0861c981
humanhash: grey-fish-carbon-south
File name:RFQ-FOSL-GATE VALVES-PHCR-RFQ1-280121-A.xlsx.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:382'615 bytes
First seen:2021-01-30 07:08:34 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:H2iXjrJlcnfLEvV+GUh1EXJG+LLo8B9vaRefkivNVnpYTKerkTbGJiUYvb2vN1h4:vTtCfhh1F+J9tfk8npYuerCMFM8q
TLSH 27842314845216D06F9696D9E6BBB0B83B65697BDF9C3AC072F57EA04F00CC06B77C42
Reporter cocaman
Tags:AgentTesla rar


Avatar
cocaman
Malicious email (T1566.001)
From: "Michael Soronnadi<michaelsr@futureoilfields.com>" (likely spoofed)
Received: "from futureoilfields.com (unknown [104.216.251.52]) "
Date: "29 Jan 2021 20:57:36 -0800"
Subject: "Fwd: RFQ-FOSL-GATE VALVES-PHCR-RFQ1-280121-A"
Attachment: "RFQ-FOSL-GATE VALVES-PHCR-RFQ1-280121-A.xlsx.rar"

Intelligence

File Origin
# of uploads :
1
# of downloads :
211
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/49bc3635a90cfffb37878559685f7865563ba8cb7e7b9e8afbc33d02c81d0914/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-01-30 07:09:05 UTC
File Type:
Binary (Archive)
Extracted files:
5
AV detection:
17 of 45 (37.78%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jg6dmnnjbt77wn4hqvmwqx3ymvldxkglpz5z5cx3ym6qfsa5beka._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/49bc3635a90cfffb37878559685f7865563ba8cb7e7b9e8afbc33d02c81d0914

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 49bc3635a90cfffb37878559685f7865563ba8cb7e7b9e8afbc33d02c81d0914

(this sample)

AgentTesla

Executable exe 670b031cca042e01b07ece7021acc32ead795c2d64956c3f8754ff5f619dbcea

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 670b031cca042e01b07ece7021acc32ead795c2d64956c3f8754ff5f619dbcea
  
Dropping
AgentTesla

Comments