MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 643e36b60c2cec5bdbf4fe76ac0190131856d78a17fbc0823fe672607c2f5f64. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 5



SHA256 hash: 643e36b60c2cec5bdbf4fe76ac0190131856d78a17fbc0823fe672607c2f5f64
SHA3-384 hash: 12d39fd90031b954c940fdc0f70f8a786bdd7f4306345b5a6b50d2f94a8fab00c53b589d1736aeb05eaf56f24480aefb
SHA1 hash: 9cdad321d57a9f7e08c70bd93866b0be6d51ae27
MD5 hash: 3876ba48d6616f228c3388ccb553edb6
humanhash: fourteen-michigan-rugby-oklahoma
File name: CI-210318L.zip
Signature: AgentTesla
File size: 441'502 bytes
First seen: 2021-03-30 05:44:12 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:SDx9nhFFXSvtdPR39ZbTQM5Ymo+Om7KNv:Ix9hTXG3D9zKNv
TLSH: F39423BD8095BF8D934F6190D27991AE1CD1073BD091B1B9189AE375C9E32F8BB341C6
Reporter: cocaman
Tags: AgentTesla zip


cocaman
Malicious email (T1566.001)
From: "Alan Li <alanli@haitai.cc>" (likely spoofed)
Received: "from haitai.cc (unknown [217.146.88.165]) "
Date: "30 Mar 2021 07:14:16 +0200"
Subject: "RE: BL:SEAE1509921.1 "
Attachment: "CI-210318L.zip"

Intelligence


File Origin
# of uploads: 1
# of downloads: 111
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2021-03-30 05:45:06 UTC
File Type: Binary (Archive)
Extracted files: 8
AV detection: 3 of 48 (6.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 643e36b60c2cec5bdbf4fe76ac0190131856d78a17fbc0823fe672607c2f5f64 (this sample)

Delivery method: Distributed via e-mail attachment
Dropping: AgentTesla
