MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 51a02035d282eee4709632da84a5f988b0a1f5f538cfcbdd8e39ae894d3c4906. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 51a02035d282eee4709632da84a5f988b0a1f5f538cfcbdd8e39ae894d3c4906
SHA3-384 hash: 66fbfeb14d13dbbb8fcca378db9f89cd942da7e180339cb9d548142cbffc9651a45f44b0c021d2a137fa63e449686b00
SHA1 hash: 3d0739043209fe4eb54193bdd04b1def13a7a565
MD5 hash: 9036fad64b4e9d365c42bdbf401cf344
humanhash: sad-hot-virginia-pennsylvania
File name: RQF%-245683-20212901-3212.pdf.lzh
Signature: AgentTesla
File size: 10,176 bytes
First seen: 2021-01-29 21:01:05 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 192:1/u8rDKfqvaTwqRp6SvBZPewoj5nwLZbOd7bPXKIHuICfczyxmJGjlZK3veNYA21:1/HrmfqgvXuw65nyZyRPVWcOxmkhY3Gy
TLSH: D1229E9F74AECA68EDD4D2481D1359F622B430AC290099123CD277DCF885FED4B6E8D0
Reporter: cocaman
Tags: lzh


cocaman
Malicious email (T1566.001)
From: "Inoue - CBL" <inoue@chukan.co.jp> (likely spoofed)
Received: from chukan.co.jp (unknown [103.141.138.120])
Date: 29 Jan 2021 10:29:51 -0800
Subject: Quotation for Bulk PO#55004 Dated 29-01 - 2021
Attachment: RQF%-245683-20212901-3212.pdf.lzh

Intelligence


File Origin
# of uploads: 1
# of downloads: 254
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2021-01-29 05:26:32 UTC
File type: Binary (Archive)
Extracted files: 2
AV detection: 19 of 44 (43.18%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam (distributed via e-mail attachment)
Malware family: AgentTesla
Sample: rar 51a02035d282eee4709632da84a5f988b0a1f5f538cfcbdd8e39ae894d3c4906 (this sample)

Note that the attachment name ends in .pdf.lzh, suggesting a PDF inside an LHA archive, while the file itself is identified above as a RAR archive (MIME type application/x-rar): the extension describes the lure, not the content.
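The reporter's comment and the delivery method row describe the lure: a file named to look like a PDF inside an LHA archive (.pdf.lzh) that the database identifies as a RAR archive, sent from a host whose reverse DNS is "unknown". The Python script below is an added example, not code from MalwareBazaar or the reporter, that automates that triage: it identifies the container by magic bytes rather than by file name, flags the extension mismatch and the double extension, checks the Received hop for a missing reverse DNS, and computes the SHA256 for lookup. The message is constructed from the headers quoted on the page (a weekday is added to the Date and the body text is assumed); the attachment payload is a synthetic RAR signature followed by zero bytes, so its hash will not match this sample's.

```python
"""Triage of a malspam message of the kind recorded on this page: a
*.pdf.lzh attachment that is really a RAR archive, sent from a host whose
reverse DNS does not resolve.  Added example; not MalwareBazaar or reporter
code.  The sample message is constructed from the headers shown on the page,
with a synthetic RAR-signature payload standing in for the real sample."""
import email
import hashlib
import re
from email import policy
from email.message import EmailMessage

RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"
# LHA/LZH (.lzh) headers carry the method id ("-lh5-", "-lz4-", ...) at offset 2.
LHA_METHOD_RE = re.compile(rb"^..-l[hz][0-9a-z]-", re.DOTALL)

# Extensions that legitimately match each detected container format.
EXPECTED_EXT = {"rar": {"rar"}, "rar5": {"rar"}, "lzh": {"lzh", "lha"}}
# Document extensions commonly used as the first half of a double extension.
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg"}

# Matches the hop quoted on the page: "from chukan.co.jp (unknown [103.141.138.120])".
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([\d.]+)\]\)")


def detect_archive(data: bytes) -> str:
    """Identify the container by magic bytes, ignoring the file name entirely."""
    if data.startswith(RAR5_MAGIC):
        return "rar5"
    if data.startswith(RAR4_MAGIC):
        return "rar"
    if LHA_METHOD_RE.match(data):
        return "lzh"
    return "unknown"


def triage_attachment(name: str, data: bytes) -> dict:
    """Hash the attachment and flag name/content mismatches."""
    parts = name.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    fmt = detect_archive(data)
    findings = []
    if fmt != "unknown" and ext not in EXPECTED_EXT[fmt]:
        findings.append(f"extension .{ext} but content is {fmt}")
    if len(parts) > 2 and parts[-2] in DOCUMENT_EXTS:
        findings.append(f"double extension .{parts[-2]}.{ext}")
    return {
        "name": name,
        "sha256": hashlib.sha256(data).hexdigest(),  # value to look up on MalwareBazaar
        "format": fmt,
        "findings": findings,
    }


def triage_message(raw: bytes) -> dict:
    """Parse an RFC 5322 message, inspect its Received hops and triage attachments."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    from_domain = msg["From"].addresses[0].domain.lower()
    findings = []
    for hop in msg.get_all("Received", []):
        m = RECEIVED_RE.search(hop)
        if m is None:
            continue
        helo, rdns, ip = m.groups()
        if rdns.lower() == "unknown":
            findings.append(f"{ip} claims HELO {helo} but has no reverse DNS")
    attachments = [
        triage_attachment(part.get_filename() or "", part.get_payload(decode=True))
        for part in msg.iter_attachments()
    ]
    return {"from_domain": from_domain, "findings": findings, "attachments": attachments}


def build_sample_message() -> bytes:
    """Constructed message using the page's headers; the payload is synthetic."""
    msg = EmailMessage()
    msg["Received"] = "from chukan.co.jp (unknown [103.141.138.120])"
    msg["From"] = '"Inoue - CBL" <inoue@chukan.co.jp>'
    msg["Date"] = "Fri, 29 Jan 2021 10:29:51 -0800"
    msg["Subject"] = "Quotation for Bulk PO#55004 Dated 29-01 - 2021"
    msg.set_content("Please find the attached quotation.")  # body text is assumed
    payload = RAR4_MAGIC + b"\x00" * 64  # RAR signature only, not the real 10,176-byte sample
    msg.add_attachment(payload, maintype="application", subtype="x-rar",
                       filename="RQF%-245683-20212901-3212.pdf.lzh")
    return bytes(msg)


if __name__ == "__main__":
    import json
    print(json.dumps(triage_message(build_sample_message()), indent=2))
```

On the constructed message the script reports the missing reverse DNS for 103.141.138.120, the .lzh name over RAR content, and the .pdf.lzh double extension; on a real mailbox export, replace build_sample_message() with the raw bytes of the .eml and compare the reported SHA256 against the hash at the top of this entry.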

Comments