MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 84ce6fff6229f74a241d74c1c305de381bb7439a964fadbd14623b53bd18588e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 84ce6fff6229f74a241d74c1c305de381bb7439a964fadbd14623b53bd18588e
SHA3-384 hash: 0a6c6847169a34ef99629c4262236a1812ba08cc240118d14d819616af03bae0a4e6bc27d9288db3cdd3d7e3800f6438
SHA1 hash: a90417493201d6dcbef2634a135fc1b3d1f5e4f2
MD5 hash: e48a5ee61b93794c0a3819e88dcdcaad
humanhash: connecticut-paris-romeo-july
File name: inv.rar
Signature: AgentTesla
File size: 443'154 bytes
First seen: 2021-03-05 16:04:57 UTC
Last seen: 2021-03-05 16:11:46 UTC
File type: rar
MIME type: application/x-rar
ssdeep: 12288:8ehwEQRFxSRy50LcxNXH6lxOcT+qgoTfO6Lxs+:8ehw7R+U50Laq3OcT+q9NN1
TLSH: 8F9433BBDAD2242044897577D2F612C9924230A77CBD1B3E58EF4B8B4A7FB8F489444D
Reporter: cocaman
Tags: AgentTesla, rar


cocaman
Malicious email (T1566.001)
From: "Jean Kepp<info@easycep.com>" (likely spoofed)
Received: "from easycep.com (unknown [103.138.109.249]) "
Date: "05 Mar 2021 05:39:45 -0800"
Subject: "AW:AW:Shipment Doc"
Attachment: "inv.rar"

Intelligence


File Origin
# of uploads: 2
# of downloads: 180
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2021-03-05 12:24:55 UTC
File Type: Binary (Archive)
Extracted files: 26
AV detection: 10 of 28 (35.71%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 84ce6fff6229f74a241d74c1c305de381bb7439a964fadbd14623b53bd18588e

(this sample)

  
Delivery method: Distributed via e-mail attachment
Dropping: AgentTesla
