MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 59ae80842d40be9fef3ac831d9477641e115133e6799a33252b60e0de039db90. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	59ae80842d40be9fef3ac831d9477641e115133e6799a33252b60e0de039db90
SHA3-384 hash:	a5766ff2192a8328e92e85799c8a79501f9f38fc7e1609c2013e4d4dba065d3df8dd7b77b20300d08102331ea98fdf62
SHA1 hash:	0e49ea4e8645edcb70f2c2729ca029b28c4b45d4
MD5 hash:	5acb53430aebf837b75186f123f5dbbb
humanhash:	salami-maryland-queen-lake
File name:	BANK SWIFT- USD 98,712.00.pdf.gz
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	647'282 bytes
First seen:	2021-02-19 10:25:41 UTC
Last seen:	2021-02-19 20:37:40 UTC
File type:	zip
MIME type:	application/zip
ssdeep	12288:X+tnN+VCXU5/RwCNiHVUW5DlvHMG2jyfs5yRufca1Pj++/i4UpLE3D:6YgEPI9sG2jik1X64/D
TLSH	23D423F56B72924698570D1B6CC2FA9433D3166A07C65AF273B2102D6C962EF9CCE13C
Reporter	GovCERT_CH
Tags:	AgentTesla

Intelligence

File Origin

# of uploads :

2

# of downloads :

118

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Foxhole.Zip_pdf.UNOFFICIAL

Sanesecurity.Malware.25518.ZipHeur.Ext.UNOFFICIAL

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/59ae80842d40be9fef3ac831d9477641e115133e6799a33252b60e0de039db90/

Threat name:

ByteCode-MSIL.Trojan.Sudloader

Status:

Malicious

First seen:

2021-02-18 23:07:04 UTC

AV detection:

20 of 29 (68.97%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=lgxibbbnic7j73z2zay5sr3wihqrkez6m6m2gmsswyha3ybz3oia._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

AgentTesla

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/59ae80842d40be9fef3ac831d9477641e115133e6799a33252b60e0de039db90

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 59ae80842d40be9fef3ac831d9477641e115133e6799a33252b60e0de039db90

(this sample)

exe bd784854e186a0f43ecfba7babc1f16bf5e8b42d8674e8f7af4443cefc99e719

Dropped by

AgentTesla

Delivery method

Distributed via e-mail attachment

Dropping

SHA256 bd784854e186a0f43ecfba7babc1f16bf5e8b42d8674e8f7af4443cefc99e719

Dropping

MD5 384268998ca3f6d5085473abd7afb128

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample