MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 603001ac917dd599b86fb5b244d09f686cf9eaefd7af51c3f47063a81f6aa468. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 603001ac917dd599b86fb5b244d09f686cf9eaefd7af51c3f47063a81f6aa468
SHA3-384 hash: c4984cd5f45e42a92d773bd6adf81151db9ac330eb1ddb072b77922855833c290ed05bbfe0ae5923a071cd120c0e1327
SHA1 hash: f82bb33030d0f68a0728de517ac0f35a3477f17e
MD5 hash: 35257366218b8d2256cb7347685de654
humanhash: high-princess-lion-winner
File name:NBNVS22031419NVS.r09
Download: download sample
Signature AgentTesla
Create hunting rule
File size:385'364 bytes
First seen:2022-05-20 05:51:14 UTC
Last seen:2022-05-20 05:51:51 UTC
File type: r09
MIME type:application/x-rar
ssdeep 6144:zOojvorSQ+BvWFpRTRmq6VBvbbbVXEAGc5LUN17/9yUYgXcE1bcsANQx5neuXoM:qorQssRsrv3p7L5Lo7Vnt/A6x1RV
TLSH T1EF84235031168FC90C72ABC687B7E2D2476DFAD2C9217B14D393C94EBEAFC57A658900
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter cocaman
Tags:AgentTesla r09


Avatar
cocaman
Malicious email (T1566.001)
From: "Mahesh Kulkarni <prod@pclsumo.com>" (likely spoofed)
Received: "from pclsumo.com (unknown [45.137.22.72]) "
Date: "20 May 2022 03:45:30 +0200"
Subject: "Re: Shipment clearance Ningbo to NHV PCL-SUMO BL-LNBNVS22031419NVS"
Attachment: "NBNVS22031419NVS.r09"

Intelligence

File Origin
# of uploads :
2
# of downloads :
246
Origin country :
n/a
Vendor Threat Intelligence
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
obfuscated packed replace.exe
Link:
https://www.filescan.io/uploads/62872c933223462f89d52523/reports/12b3ba8c-fd75-4bb9-9749-15ec8b80aee6/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/603001ac917dd599b86fb5b244d09f686cf9eaefd7af51c3f47063a81f6aa468/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-05-19 15:36:03 UTC
File Type:
Binary (Archive)
Extracted files:
29
AV detection:
19 of 26 (73.08%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mayadlerpxkztodpwwzejue7nbwpt2xp26xvdq7uobr2qh3kurua._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/603001ac917dd599b86fb5b244d09f686cf9eaefd7af51c3f47063a81f6aa468

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r09 603001ac917dd599b86fb5b244d09f686cf9eaefd7af51c3f47063a81f6aa468

(this sample)

AgentTesla

Executable exe c8e7095edd7c1d3ac3442ae1f29e34681ea348c5d8bdf3cb1a684c12498b3793

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c8e7095edd7c1d3ac3442ae1f29e34681ea348c5d8bdf3cb1a684c12498b3793
  
Dropping
MD5 9cc63e12514785431659964c7aa03347

Comments