MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 55180bb1969ec8be114f2242e1a89222f8c773a0e6e522bca3fc8bdab8bc047e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 55180bb1969ec8be114f2242e1a89222f8c773a0e6e522bca3fc8bdab8bc047e
SHA3-384 hash: 5c8e4a6e59ec22cf776f96460e46588c52845549ba66ef8ebdd86b643bf8f4ebf7ffd518432fd4018a95219e30a71eb7
SHA1 hash: 529e5420a0f2baf230cc4aae003aec1ee2f3d871
MD5 hash: 2b22c42e5b8c433761274a8c443808e4
humanhash: michigan-sink-kilo-kentucky
File name:Import Docs.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:607'564 bytes
First seen:2023-05-11 06:10:21 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:lTFN+zfcWnz/zFSacunVTHJ9Y/6fIs+ATqTNSKHDJp+uI/m+P36O9g:tFYzfcWnDzjc6VTHvY/6f+ATqTBHDJpd
TLSH T14ED423CE1B633C081E8216B1414997839D7FD7EFBD490EAB2E85DE962B3DE992041371
TrID 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter cocaman
Tags:AgentTesla zip


Avatar
cocaman
Malicious email (T1566.001)
From: ""Jin Fu Yao" <angela.xu@kuehne-nagel.com>" (likely spoofed)
Received: "from kuehne-nagel.com (unknown [185.222.58.238]) "
Date: "10 May 2023 22:32:28 +0200"
Subject: "Document submission 20RF | Martin Transmission ( Shanghai ) Co., Ltd."
Attachment: "Import Docs.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
123
Origin country :
CH CH
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:Import Docs.exe
File size:682'496 bytes
SHA256 hash: 0c0de658cc1409dddb75bd3149de4f0bfa90b74296d8d1cb909e3189f8ed2260
MD5 hash: af9d64b3cb425653da884826c96cde03
MIME type:application/x-dosexec
Signature AgentTesla
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.66978130.219.14003.UNOFFICIAL
Create hunting rule

Result
Verdict:
Unknown
File Type:
PE File
Link:
https://app.docguard.net/55180bb1969ec8be114f2242e1a89222f8c773a0e6e522bca3fc8bdab8bc047e/results/dashboard
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
barys comodo lokibot packed
Link:
https://www.filescan.io/uploads/645c86f7a789e666f2493062/reports/448ca3b4-e76d-43de-b415-8b35345cafd7/overview
Verdict:
Malicious
Link:
https://www.hybrid-analysis.com/sample/55180bb1969ec8be114f2242e1a89222f8c773a0e6e522bca3fc8bdab8bc047e
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/55180bb1969ec8be114f2242e1a89222f8c773a0e6e522bca3fc8bdab8bc047e
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/55180bb1969ec8be114f2242e1a89222f8c773a0e6e522bca3fc8bdab8bc047e/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2023-05-10 16:46:24 UTC
File Type:
Binary (Archive)
Extracted files:
9
AV detection:
20 of 24 (83.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kumaxmmwt3el4ekpejbodkesel4mo45a43ssfpfd7sf5vof4ar7a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 55180bb1969ec8be114f2242e1a89222f8c773a0e6e522bca3fc8bdab8bc047e

(this sample)

AgentTesla

Executable exe 0c0de658cc1409dddb75bd3149de4f0bfa90b74296d8d1cb909e3189f8ed2260

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0c0de658cc1409dddb75bd3149de4f0bfa90b74296d8d1cb909e3189f8ed2260
  
Dropping
MD5 af9d64b3cb425653da884826c96cde03

Comments