MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7919783de80fe8bbc20927d6abcbb434477cdcdb51a48133635ee9d7d5a34c6d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 5



SHA256 hash: 7919783de80fe8bbc20927d6abcbb434477cdcdb51a48133635ee9d7d5a34c6d
SHA3-384 hash: 7b6f4029bcce9d48f5ed5dda28e3408a5540ee7df813470b2ef76245c4fd6fceb42d64bf880a8811d3523928bdc28a9a
SHA1 hash: 678f870fe1655aa5e61d6ecba5f171f31cfc739e
MD5 hash: efede658f7f9619aa9cbe485ca3102ee
humanhash: monkey-ten-lithium-glucose
File name: NEW URGENT INQUIRY_B9020289.pdf.ar
Signature: AgentTesla
File size: 445'480 bytes
First seen: 2021-03-09 06:27:56 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep 12288:/Kh7bLbxWEBctwyBSCK2GdBskjBuqbonGr+:6ctpBSkXOTyx
TLSH F29423BAE72BE95721CE80F6723388BDC1583689B48918115FAC34807DB345EB9DC5DE
Reporter: cocaman
Tags: AgentTesla ar

Intelligence


File Origin
# of uploads: 1
# of downloads: 103
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.Woreflint
Status: Malicious
First seen: 2021-03-08 21:49:51 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 15 of 28 (53.57%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 7919783de80fe8bbc20927d6abcbb434477cdcdb51a48133635ee9d7d5a34c6d

(this sample)

Delivery method: Distributed via e-mail attachment
Dropping: AgentTesla

Comments