MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4fa6385514d38704be096681d0de3fc97798c6d34bfcbfbe4dd7bf702eb0b9ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 3

SHA256 hash: 4fa6385514d38704be096681d0de3fc97798c6d34bfcbfbe4dd7bf702eb0b9ad
SHA3-384 hash: 48310b78d9a076e1bb75519212b63273e000a3a6db761b578541581e1c4ea389316ea09c4c8572cbd9828eae8367224b
SHA1 hash: efb6dcdfcf654a38439050a29d319e84c6101331
MD5 hash: cd1997c4da86f9eb835a0da375532a48
humanhash: saturn-oscar-four-three
File name: New Order PO023012019.rar.rar
Signature: AgentTesla
File size: 90'105 bytes
First seen: 2021-01-26 06:28:22 UTC
Last seen: 2021-01-26 06:47:08 UTC
File type: rar
MIME type: application/x-rar
ssdeep: 1536:SeNjw9dsZdG7fw+oan+KTMSxjIt3jKtQoh1KJz8LU2nUyj/BIKqBQQxoOKi94u+K:TNc9dB7fR+DlN0zjfUq/uKq1FF
TLSH: B49312C9A42AE2C3838119F1D1F7579504AE7EC502CBBF13D49E96C463662B34FA87D1
Reporter: cocaman
Tags: rar


Comment by cocaman:
Malicious email (T1566.001)
From: "alsumood@emirates.net.ae" (likely spoofed)
Received: "from emirates.net.ae (unknown [45.137.22.150]) "
Date: "25 Jan 2021 15:45:29 -0800"
Subject: "RE: New Order PO023012019"
Attachment: "New Order PO023012019.rar.rar"

Intelligence

File Origin
# of uploads: 3
# of downloads: 126
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.DarkStealer
Status: Malicious
First seen: 2021-01-26 06:29:08 UTC
File Type: Binary (Archive)
Extracted files: 2
AV detection: 21 of 46 (45.65%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Malspam
Signature: AgentTesla
File type / SHA256: rar 4fa6385514d38704be096681d0de3fc97798c6d34bfcbfbe4dd7bf702eb0b9ad (this sample)

Delivery method: Distributed via e-mail attachment

Comments