MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c503c6475202598918ad173f031375cab997325907ecfc12c1625edb78e5229. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry
AgentTesla


Vendor detections: 6

SHA256 hash: 5c503c6475202598918ad173f031375cab997325907ecfc12c1625edb78e5229
SHA3-384 hash: 1e3d351d839238638c587ba7ee830aead5b7cba3e2750b0c404180a842c7b71e9561e530b1abdf0930bff97304c2f281
SHA1 hash: b879453544f90fc26052ba2b42ab796f690ba4c5
MD5 hash: b8b4d09e7110f216879e21de187e5ec0
humanhash: romeo-beer-mars-pizza
File name: Emailing Swift.r00
Signature: AgentTesla
File size: 416,199 bytes
First seen: 2021-11-27 16:46:09 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 6144:PQA9ZjX8/5qvKPxqJBvWAdBVBk7CVuD7kGZR7UGu951Vy4ERB3/TY1gFnaIAJGWR:ToBkHqCVuDYGZlUFz11E3D54ti7k5R9
TLSH: T186942304FD3BD8533264EE86889E76F7A9D2DB27AD391181C06CBC1C622831D1B53B59
Reporter: cocaman
Tags: AgentTesla INVOICE r00 SWIFT


cocaman
Malicious email (T1566.001)
From: "=?UTF-8?B?ZW5kZXIgZ8O2esO8bW/En2x1?= <endergozumoglu@gmail.com>" (likely spoofed)
Received: "from gmail.com (unknown [185.222.58.155]) "
Date: "27 Nov 2021 09:52:31 +0100"
Subject: "RE: Re: Proforma-Invoice AB22-00178"
Attachment: "Emailing Swift.r00"

Intelligence


File Origin
# of uploads: 1
# of downloads: 302
Origin country: n/a

Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: obfuscated packed

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2021-11-27 16:47:13 UTC
File Type: Binary (Archive)
Extracted files: 12
AV detection: 15 of 43 (34.88%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
r00 5c503c6475202598918ad173f031375cab997325907ecfc12c1625edb78e5229 (this sample)

Delivery method: Distributed via e-mail attachment
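As an added example (not part of the MalwareBazaar entry and not the reporter's submission), the check below does what a mail gateway or an analyst would do with an attachment like this one: identify RAR content by its marker bytes rather than trusting the .r00 extension, flag a mismatch between the two, and compare the file's digests with the hashes listed in this entry. The RAR4/RAR5 signatures and the old-style volume naming (.rar, .r00, .r01, ...) are documented format facts; the attachment bytes are constructed filler, so their hashes will not match this sample. The function names are my own.

```python
import hashlib
import re

# Digests copied from this MalwareBazaar entry; the sample itself is not embedded here.
ENTRY_IOCS = {
    "sha256": "5c503c6475202598918ad173f031375cab997325907ecfc12c1625edb78e5229",
    "sha1": "b879453544f90fc26052ba2b42ab796f690ba4c5",
    "md5": "b8b4d09e7110f216879e21de187e5ec0",
}

# RAR marker blocks: "Rar!\x1a\x07\x00" for RAR 4.x, "Rar!\x1a\x07\x01\x00" for RAR 5.
RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"

# Old-style multi-volume RAR names: archive.rar, archive.r00, archive.r01, ...
VOLUME_EXT = re.compile(r"\.(rar|r\d{2})$", re.IGNORECASE)

# Constructed stand-in for an attachment body (NOT the real 416,199-byte sample):
# a RAR4 marker block followed by zero filler.
CONSTRUCTED_ATTACHMENT = RAR4_MAGIC + b"\x00" * 64


def file_hashes(data: bytes) -> dict:
    """Compute the digests MalwareBazaar lists for a sample."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def rar_version(data: bytes):
    """Return 4 or 5 for a RAR archive identified by its marker block, else None."""
    if data.startswith(RAR5_MAGIC):
        return 5
    if data.startswith(RAR4_MAGIC):
        return 4
    return None


def triage_attachment(filename: str, data: bytes, iocs: dict = ENTRY_IOCS) -> dict:
    """Content-based triage of a mail attachment, independent of its extension."""
    digests = file_hashes(data)
    version = rar_version(data)
    volume_name = VOLUME_EXT.search(filename) is not None
    return {
        "filename": filename,
        "rar_version": version,
        "archive_volume_name": volume_name,
        # Name claims a (split) RAR archive but content is not RAR, or the reverse.
        "extension_mismatch": volume_name != (version is not None),
        # Any digest in the IOC set matching is enough to block the attachment.
        "ioc_match": any(digests.get(algo) == value for algo, value in iocs.items()),
        "sha256": digests["sha256"],
    }


if __name__ == "__main__":
    print(triage_attachment("Emailing Swift.r00", CONSTRUCTED_ATTACHMENT))
```

Matching on content first matters here because a gateway that only knows ".rar" as an archive extension lets ".r00" through untouched; the marker bytes identify the archive regardless of how the volume is named.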
