MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 79ba630bb35ff276206cd138ae4efe01e2929ab38a1cb61e21afc8a0152cc411. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 79ba630bb35ff276206cd138ae4efe01e2929ab38a1cb61e21afc8a0152cc411
SHA3-384 hash: 74c862c7b9e02a7c0fa6207fac580aea13f2a439e88693a05095efde8d7b26896ae123d341dd68e48d5c43bbc11313e5
SHA1 hash: c4ec390ba33f9570029101d2f1a49cbc1e45b608
MD5 hash: 0a9938e774cf104575568f20800a9e9c
humanhash: seventeen-robert-island-artist
File name:New_Order #20201103_004178.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:771'558 bytes
First seen:2020-11-03 06:26:02 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:VwG6AHYHTJAVqiuBAyOns+WCiiBNx8JIu/luNdiaEiby1+N2wmAhPArKElB5p:VwG6A4HTYuBAfnzii/QF/lidFbw+N2iA
TLSH C4F433351A310E46595895BFF6AE1903C7FDC4B0B9FB05CA113A8CD92234BE890BE67D
Reporter cocaman
Tags:AgentTesla rar


Avatar
cocaman
Malicious email (T1566.001)
From: "Helen han <m.dada@alhattabcontracting.com>"
Received: "from uzlinshpl01.uzcloud.uz (uzlinshpl01.uzcloud.uz [185.74.4.8]) "
Date: "Mon, 02 Nov 2020 19:02:44 -0800"
Subject: "RE: New Order"
Attachment: "New_Order #20201103_004178.rar"

Intelligence

File Origin
# of uploads :
1
# of downloads :
96
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/79ba630bb35ff276206cd138ae4efe01e2929ab38a1cb61e21afc8a0152cc411/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-11-03 06:27:06 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
6 of 48 (12.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pg5ggc5tl7zhmidm2e4k4tx6ahrjfgvtriolmhrbv7ekafjmyqiq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/79ba630bb35ff276206cd138ae4efe01e2929ab38a1cb61e21afc8a0152cc411

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 79ba630bb35ff276206cd138ae4efe01e2929ab38a1cb61e21afc8a0152cc411

(this sample)

AgentTesla

Executable exe 6014abff3f883feb405938f546265bc9d6fd5a0397778d10fbbcf7e7a04370af

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6014abff3f883feb405938f546265bc9d6fd5a0397778d10fbbcf7e7a04370af
  
Dropping
AgentTesla

Comments