MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 62277d9bd3168bd577060c5e7717682ace88cb88a0418a543dad2fd9a5d15ea1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	62277d9bd3168bd577060c5e7717682ace88cb88a0418a543dad2fd9a5d15ea1
SHA3-384 hash:	97bd64b2680902b2c89f5e82f5e638573a20442f4293c53fe6bdf99110f5e647ec1031f0429a00fd90dae4b13a0a9332
SHA1 hash:	17de6e804fcf58027db3b5bffa1b8fe11d1c3c87
MD5 hash:	5de101b47268231aa82e8c5b68d79056
humanhash:	east-alabama-edward-victor
File name:	Contrato firmado.zip
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	429'569 bytes
First seen:	2021-04-02 10:03:45 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	6144:WzqBSjYfYqIZTcVJgcHZq9csjUuHJknwEUOrlvrefBONKjHbENbDBQouqTJ0MUOH:WDaI2VJnkc3FrVefjjHIxBd1LUBVDI
TLSH	E79423293C04A6E47207CCC7CF16FD2DF63278D6889EB5C18C5F82A2BA35189B654976
Reporter	GovCERT_CH
Tags:	AgentTesla

Intelligence

File Origin

# of uploads :

1

# of downloads :

111

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL

SecuriteInfo.com.Trojan.PackedNET.576-3.UNOFFICIAL

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/62277d9bd3168bd577060c5e7717682ace88cb88a0418a543dad2fd9a5d15ea1

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/62277d9bd3168bd577060c5e7717682ace88cb88a0418a543dad2fd9a5d15ea1/

Threat name:

ByteCode-MSIL.Trojan.Taskun

Status:

Malicious

First seen:

2021-04-01 08:21:37 UTC

AV detection:

7 of 48 (14.58%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=mitx3g6tc2f5k5ygbrphof3iflhirs4iubayuvb5vux5tjorl2qq._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

AgentTesla

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/62277d9bd3168bd577060c5e7717682ace88cb88a0418a543dad2fd9a5d15ea1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 62277d9bd3168bd577060c5e7717682ace88cb88a0418a543dad2fd9a5d15ea1

(this sample)

exe d2e0198548e4d9b2adc585ec02f6f8a4240ee7cf2cb96696c99f216c570bf36b

Dropped by

AgentTesla

Delivery method

Distributed via e-mail attachment

Dropping

SHA256 d2e0198548e4d9b2adc585ec02f6f8a4240ee7cf2cb96696c99f216c570bf36b

Dropping

MD5 99e18d564086ec4adf3dda1b828495f4

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample