MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c31e5d9d2b127884a25ceea7465b00b994f3de7bf7360440183230e7c2c4690. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 5c31e5d9d2b127884a25ceea7465b00b994f3de7bf7360440183230e7c2c4690
SHA3-384 hash: 526a444fee32209addd555eb6b20faea943860ed6efd565e09d385f558dde97814834d39df8ca40e731be7f021ea6626
SHA1 hash: 26c10f07cc3956518ecadb3d8388b94c06a10fd8
MD5 hash: 48b80d26971141968cd178e318b8b14e
humanhash: nitrogen-triple-two-cold
File name: Products Inquiry.tgz
Signature: AgentTesla
File size: 346'844 bytes
First seen: 2021-02-01 10:59:24 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:anfWR+yNncmt+VBz2pjf7IqJlMumE/nhM3jTJCSaZaLxdUebJ2sRqfanJqh:anfi4mt+LiPIiPhSTMSaZwJ95OOqh
TLSH: 7674234F7DF3E37A2A11478815DE0B4EB9CE356068E89FB94BC680D3101AF2D589D987
Reporter: cocaman
Tags: tgz

Intelligence


File Origin
# of uploads: 1
# of downloads: 119
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2021-02-01 11:00:07 UTC
File Type: Binary (Archive)
Extracted files: 1
AV detection: 10 of 29 (34.48%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

AgentTesla

rar 5c31e5d9d2b127884a25ceea7465b00b994f3de7bf7360440183230e7c2c4690

(this sample)

  
Delivery method: Distributed via e-mail link
