MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 524e1dd0e8d233b367403b5096fb6eedd666424f9253f0c14a3bc11370ef601d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 2



SHA256 hash: 524e1dd0e8d233b367403b5096fb6eedd666424f9253f0c14a3bc11370ef601d
SHA3-384 hash: 6255095b0b5257496b61a2df3c9c082368ef31c72e6f9ceca98230e4cf6596c54941704433b53abc4e397d76a05f65c8
SHA1 hash: bfd92761ce07b96a144cd637836cb02d5b9c3fea
MD5 hash: 8aa3dfe14eb8fd8558f45c9414f0b60d
humanhash: johnny-ohio-fourteen-failed
File name: invoice.rar
Signature: AgentTesla
File size: 540'511 bytes
First seen: 2020-09-09 15:49:47 UTC
Last seen: 2020-09-10 07:08:45 UTC
File type: rar
MIME type: application/x-rar
ssdeep: 12288:/aMhIZcq7xRoBuMsnb8UwGPadP7bb4ygk:bIZcixRoBuzONxL
TLSH: C0B4234BB7753A2F4A557A39047A3F7AC58CF59FB0724C43AF205B2370EA21A45B2609
Reporter: cocaman
Tags: AgentTesla rar


cocaman
Malicious email
From: =?UTF-8?Q?Boris_Liu_=E5=88=98=E4=BF=8A=E4=BA=AE?= <noreply@wetransfer.com>
Received: from properso.com (62-210-157-138.rev.poneytelecom.eu [62.210.157.138])
Date: Wed, 09 Sep 2020 18:38:45 +0100
Subject: Re; CONFIRM BANK DETAIL
Attachment: invoice.rar

Intelligence


File Origin
# of uploads: 4
# of downloads: 98
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 524e1dd0e8d233b367403b5096fb6eedd666424f9253f0c14a3bc11370ef601d (this sample)

  
Delivery method: Distributed via e-mail attachment
Dropping: AgentTesla
