MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 55b983bef4a1aef7c40e5f477fb79c5ddfe38b7269c9e4bfde83f74638794379. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 5



SHA256 hash: 55b983bef4a1aef7c40e5f477fb79c5ddfe38b7269c9e4bfde83f74638794379
SHA3-384 hash: a5ed4f9a03e5f662af8fd89aec6a22b1c25e40da79e031cfb412f6c95c3cb1695812e0e31ec64b7b8cb2d2985e9a8e60
SHA1 hash: 62959b3858e5a89ee5367fc8fb868100818d9de0
MD5 hash: dd5a67f8e947673f929a8e3446ff5d5a
humanhash: texas-tennessee-emma-nebraska
File name: GS_ PO NO.1862021.zip
Signature: AgentTesla
File size: 729'556 bytes
First seen: 2021-04-06 02:39:51 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:40wF2Iq7trN+LrUjkbNaTrgPWvIQRG/4Uwb4o/Ig8sbE4g2PwLKl4Kmpv:3wd4yGrguRYc0cDgCwh
TLSH: 84F423C43DCF6F501CBFAF604319FB13D02ADF7AD694885798284B1B186A95C689BCB1
Reporter: GovCERT_CH
Tags: AgentTesla

Intelligence


File Origin
# of uploads: 1
# of downloads: 141
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Woreflint
Status: Malicious
First seen: 2021-04-06 02:40:07 UTC
AV detection: 15 of 48 (31.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 55b983bef4a1aef7c40e5f477fb79c5ddfe38b7269c9e4bfde83f74638794379 (this sample)

Dropped by: AgentTesla
Delivery method: Distributed via e-mail attachment
