MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 61192011cb1ca44bc4ce580377b530280f6eb34b63dad3f7b858eba59f0f7037. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 1


Intelligence 1 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 61192011cb1ca44bc4ce580377b530280f6eb34b63dad3f7b858eba59f0f7037
SHA3-384 hash: 8107972ac20277f6fb99b05a68c208082440f78f578769469c17fc314679dab3fccea44c35da6ca6bed699992331f79d
SHA1 hash: 7983c20f4464d61cd6a7701cc617c7ac5236bb74
MD5 hash: 38f7c16068d6ec79b8bc381ca0138cce
humanhash: kilo-minnesota-alpha-lima
File name:mixtec new order and price list request for the month of december_pdf.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:673'124 bytes
First seen:2020-12-02 07:00:09 UTC
Last seen:2020-12-02 07:04:09 UTC
File type: rar
MIME type:application/x-rar
ssdeep 12288:C9U2Vw1lxijdNWL4dwBC2DJcwQ8vU3bnKnPwqT/RN8WcmvsQudG1/cNGSHAcyNu:eUt1lUjdsL4dwBC3v3bKIqd35udGRcX1
TLSH 24E433FAA1BB0FCFC9435B2E789BDEE5415C204E51A1F35F579BCBCA0A9588905D8302
Reporter cocaman
Tags:rar


Avatar
cocaman
Malicious email (T1566.001)
From: ""Vinay Menon (Sales Purchasing Manager)" <admin@magitest.me>" (likely spoofed)
Received: "from box.magitest.me (box.magitest.me [178.128.69.57]) "
Date: "Wed, 02 Dec 2020 01:18:17 +0200"
Subject: "Order"
Attachment: "mixtec new order and price list request for the month of december_pdf.rar"

Intelligence

File Origin
# of uploads :
4
# of downloads :
120
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.28873.10461.UNOFFICIAL
Create hunting rule

Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/61192011cb1ca44bc4ce580377b530280f6eb34b63dad3f7b858eba59f0f7037/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/61192011cb1ca44bc4ce580377b530280f6eb34b63dad3f7b858eba59f0f7037

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 61192011cb1ca44bc4ce580377b530280f6eb34b63dad3f7b858eba59f0f7037

(this sample)

AgentTesla

Executable exe 5e7ab36ec389a4294220c2b5535e8389fcb1acbd09b7a87dbc2e924ee54544b6

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5e7ab36ec389a4294220c2b5535e8389fcb1acbd09b7a87dbc2e924ee54544b6

Comments


Avatar
Corsin Camichel commented on 2020-12-02 07:04:59 UTC

File Password: 123