MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 80a798a4a71eec5c1200f5fe848d2d099fe0cca2fadf735faf1e316e19fad6ea. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 80a798a4a71eec5c1200f5fe848d2d099fe0cca2fadf735faf1e316e19fad6ea
SHA3-384 hash: 3eab9280acc1fd943195be3a36ef5d9ebc74a2065a747585d8974626a2a5ab5f2132e004d4497d14926c3260797378db
SHA1 hash: e31f3ae5153fe3565961ae81a9643ab31116b15c
MD5 hash: 8a06425ae3d32ab9a4de015038060b39
humanhash: batman-don-blue-delaware
File name:RECHNUNG UND LIEFERUNG.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:449'209 bytes
First seen:2020-09-10 12:39:56 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:FKgypkFf46SrHLGcJB/K/cyVAHrHcBGlw79GP5ce6oxCm6uNU6SUnDrXc24PUF1R:FK67SDLGoB/K/pALuJ79Uft9T48/DZHz
TLSH 97A423AFFAE93C4C5F01262710BD69EDE71E07BF4E5A72120C261E0068AB5A535D43DB
Reporter abuse_ch
Tags:AgentTesla Endurance rar


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: 162-241-214-233.unifiedlayer.com
Sending IP: 162.241.214.233
From: Mutombo Nyembwe <mutombo.n@iftest.ch>
Subject: RECHNUNG UND LIEFERUNG
Attachment: RECHNUNG UND LIEFERUNG.rar (contains "RECHNUNG UND LIEFERUNG.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
110
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/80a798a4a71eec5c1200f5fe848d2d099fe0cca2fadf735faf1e316e19fad6ea/
Threat name:
ByteCode-MSIL.Spyware.Negasteal
Create hunting rule
Status:
Malicious
First seen:
2020-09-10 12:41:05 UTC
AV detection:
13 of 29 (44.83%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qctzrjfhd3wfyeqa6x7ijdjnbgp6btfc7lpxgx5pdyyw4gp223va._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/80a798a4a71eec5c1200f5fe848d2d099fe0cca2fadf735faf1e316e19fad6ea

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 80a798a4a71eec5c1200f5fe848d2d099fe0cca2fadf735faf1e316e19fad6ea

(this sample)

AgentTesla

Executable exe a4dfee0c949c801fde439c7c5b6a10d5369b2c9658633262a224b036d7197c7c

  
Dropping
MD5 4f85c5fac79c44d284afb5b78bfbe07b
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a4dfee0c949c801fde439c7c5b6a10d5369b2c9658633262a224b036d7197c7c

Comments