MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 51e13aea35b0933f20989a59f6410a20fb87a206d72caa73cad7449ab29bb88a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 51e13aea35b0933f20989a59f6410a20fb87a206d72caa73cad7449ab29bb88a
SHA3-384 hash: 5c0a722e5a50f4d8e2697eaf78350fe843b9e79c4bd2d3e1ec2b114f14b91f1d96510be66fac7ed11e140ba58bb4c357
SHA1 hash: 6556aa899bc0a20dc30719b51937c93e9ebe7540
MD5 hash: 0b25060ba20db3e2d93ce0c586d2c3ac
humanhash: floor-undress-wyoming-table
File name:PAYMENT ADVISE.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:418'886 bytes
First seen:2020-11-25 06:43:51 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:EK1i46phPelxQvR+gPBbPfYXgAOUZyNDt0Bn7TDtXlzsZK0M9KOlKFySFj:Ev4OebyNPBDAPOUe+Z7TDllziOcISFj
TLSH 3D94233193A2FB1E3948A25329443115EAD346C4A3328697814BEF957B0B2D77F07F8E
Reporter cocaman
Tags:AgentTesla rar


Avatar
cocaman
Malicious email (T1566.001)
From: "Wang weishun <sales@asianskygroup.com>" (likely spoofed)
Received: "from asianskygroup.com (unknown [103.99.1.171]) "
Date: "24 Nov 2020 19:24:50 -0800"
Subject: "RE:PAYMENT ADVISE(103) TT/USD/8145/2020"
Attachment: "PAYMENT ADVISE.rar"

Intelligence

File Origin
# of uploads :
1
# of downloads :
108
Origin country :
n/a
Vendor Threat Intelligence
Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/51e13aea35b0933f20989a59f6410a20fb87a206d72caa73cad7449ab29bb88a/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-11-25 02:39:08 UTC
File Type:
Binary (Archive)
Extracted files:
5
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=khqtv2rvwcjt6ieytjm7mqiked5ypiqg24wku46k25cjvmu3xcfa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/51e13aea35b0933f20989a59f6410a20fb87a206d72caa73cad7449ab29bb88a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 51e13aea35b0933f20989a59f6410a20fb87a206d72caa73cad7449ab29bb88a

(this sample)

AgentTesla

Executable exe 70bba7ae7db7a571dde9f6e9adad50a1b4fb32b8757f5d6cebb3d73b833644f6

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 70bba7ae7db7a571dde9f6e9adad50a1b4fb32b8757f5d6cebb3d73b833644f6
  
Dropping
AgentTesla

Comments