MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 689144c862d3511a17d6a674bc2fe3b73c3673debd11e09a2c49e4d4a2c2adb5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 5



SHA256 hash: 689144c862d3511a17d6a674bc2fe3b73c3673debd11e09a2c49e4d4a2c2adb5
SHA3-384 hash: d4829d07a45faa871e5d3aa480fda9d86d3e322b9c9ded546890daafd3b475287bb76929e808accf7f3c3203e33b14db
SHA1 hash: d62c2077c2c14e7368c518557050cfb87614ee64
MD5 hash: 651d94551fd4a9274f84304591c92fa3
humanhash: mobile-steak-kilo-crazy
File name: 24906_technical_datas.zip
Signature: AgentTesla
File size: 649'912 bytes
First seen: 2021-02-05 06:06:23 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:sgemZj/We46w5RnqX+OV9tAQz9jk5YnPgEyA67s7AUyqC+hhd6yQxvt:sgesjet6enbCxk5Y4hFy3Nf6ycl
TLSH: 7FD4231B0D8D346C60D5293FD78BE25569EF141C2BAE08D6F748A5253218A83DCFE58E
Reporter: cocaman
Tags: AgentTesla zip


cocaman
Malicious email (T1566.001)
From: "Jannik von der Heiden <jvd.heeiden@rox-online.de>" (likely spoofed)
Received: "from rox-online.de (unknown [104.216.251.52]) "
Date: "4 Feb 2021 16:30:19 -0800"
Subject: "Request"
Attachment: "24906_technical_datas.zip"

Intelligence


File Origin
# of uploads: 1
# of downloads: 126
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: MALICIOUS
Details:
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2021-02-05 01:22:39 UTC
File Type: Binary (Archive)
Extracted files: 16
AV detection: 28 of 48 (58.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 689144c862d3511a17d6a674bc2fe3b73c3673debd11e09a2c49e4d4a2c2adb5

(this sample)

  
Delivery method: Distributed via e-mail attachment
Dropping: AgentTesla
