MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 71f9d7a06eb71d42ad7e065df3587af017176d6001f0c8943344648a87722fe5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4


SHA256 hash: 71f9d7a06eb71d42ad7e065df3587af017176d6001f0c8943344648a87722fe5
SHA3-384 hash: c6fe58c02b9f03f0cea4f35a8210e8d8eb1bd77e34b4203c01d1591547ce1ec32e4226f9bb121233a334e0e8bd4842a3
SHA1 hash: 05e20e8cd087d6ce954c26e7a320d4201b39f0dd
MD5 hash: 093e493d8441fc3e29a47fd55aeb9780
humanhash: lima-oven-nuts-oranges
File name: SOA.r15
Signature: AgentTesla
File size: 414'886 bytes
First seen: 2021-02-17 10:40:58 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:3WtHXgWQ01YV7s6NiC9MacNfLQSdtEvZtg54Ao/zuZaIchbHGh2lvUxik0RY0GDU:mGWQmYVDN4aIk0tlQLuZaj7lvHRY0Ge7
TLSH: E494237C07D675658278BFAB3AB8F860844C503EFC36B2BB1DA3DA7C95E2C104794295
Reporter: cocaman
Tags: AgentTesla r15


cocaman
Malicious email (T1566.001)
From: "Agri Ops imports <agri.ops@ssoeglobal.com>" (likely spoofed)
Received: "from server.sapgrp.com (server.sapgrp.com [45.120.149.210]) "
Date: "Wed, 17 Feb 2021 18:02:32 +0800"
Subject: "RE: STATEMENT OF ACCOUNT"
Attachment: "SOA.r15"

Intelligence


File Origin
# of uploads: 1
# of downloads: 99
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2021-02-17 10:41:05 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 6 of 47 (12.77%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
rar 71f9d7a06eb71d42ad7e065df3587af017176d6001f0c8943344648a87722fe5 (this sample)

Delivery method: Distributed via e-mail attachment
Dropping: AgentTesla
