MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5908a84712274d0557b368e5edc3993fd9e03e0b8d2d4b744695c584f4147622. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5908a84712274d0557b368e5edc3993fd9e03e0b8d2d4b744695c584f4147622
SHA3-384 hash: 78c320bd9c9cf616d8b9a14ab23f9807f2b008fd5cda8fc64fbecc6f1ac8ed53d95a27442f82a27c5ddd8e30a0c80655
SHA1 hash: 273cf2baf928b47421a4195f8a65b940146a6bdf
MD5 hash: 15085f24e88d7290f6b92d22341d8dd5
humanhash: seventeen-triple-moon-chicken
File name:Documents-009029.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:499'533 bytes
First seen:2020-07-11 12:20:12 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:YXu3d6PJ64w84/BORrWKMBgUyHXkkkxU/FCxLnGM2Cd:4ut4JvwJOIKMBU0Bxqsx7GM2o
TLSH 51B42379CE55FA20E8A8F7B5FC806539C5711AB0939103E89F759B402C9800FE6E6D9B
Reporter cocaman
Tags:AgentTesla zip


Avatar
cocaman
Malicious email
From: Marwan<marwan.madani@ducab.com>
Received: from ducab.com (unknown [185.222.58.143])
Date: 10 Jul 2020 17:21:13 -0700
Subject: RE:RE:attached Packing List
Attachment: Documents-009029.zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen2.51596.28312.17075.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5908a84712274d0557b368e5edc3993fd9e03e0b8d2d4b744695c584f4147622/
Threat name:
ByteCode-MSIL.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2020-07-10 21:53:55 UTC
File Type:
Binary (Archive)
Extracted files:
11
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=leekqryse5gqkv5tnds63q4zh7m6apqlruwuw5cgsxcyj5auoyra._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 5908a84712274d0557b368e5edc3993fd9e03e0b8d2d4b744695c584f4147622

(this sample)

AgentTesla

Executable exe 81eeadcc2553fe9991022470311c8ad197615c465cd06a2992990ad63b14aebb

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 81eeadcc2553fe9991022470311c8ad197615c465cd06a2992990ad63b14aebb
  
Dropping
AgentTesla

Comments