MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8af036d36db87bae3f3035be0b58a7823f70beb174ed69add02e210ad77348d4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 8af036d36db87bae3f3035be0b58a7823f70beb174ed69add02e210ad77348d4
SHA3-384 hash: f61157e8d38662fcb3fda40b5f6804e7d241b06e8879b4e002332bd24258d38c68cf0018d25aef61e03078b30b404833
SHA1 hash: 1889e09b736fc0ecc2751e89ebaefb3dd739203f
MD5 hash: aad1e9e3d7c35dc24f199cb00635a015
humanhash: november-west-butter-victor
File name: new po.rar
Signature: AgentTesla
File size: 3'773'740 bytes
First seen: 2021-01-18 09:02:12 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 98304:BxfvvA0I7olzBhHl1cnETjqEf5JbjMY/4NMNcmLjSyCjft:BxY0I7cluO1PMiiMNZLjPCjft
TLSH: 0206332E2713C4A3F394CA15CABCE6C2571DF9A32775551BC4C4AE6DA2AA1C1D3AC13C
Reporter: abuse_ch
Tags: rar


abuse_ch
Malspam distributing unidentified malware:

HELO: webmail.cyber.net.pk
Sending IP: 203.101.175.37
From: Echo <paulcorp@cyber.net.pk>
Reply-To: importmegapoint@yahoo.com
Subject: New Order Product
Attachment: new po.rar (contains "new po.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 114
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2021-01-18 09:03:05 UTC
AV detection: 15 of 45 (33.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 8af036d36db87bae3f3035be0b58a7823f70beb174ed69add02e210ad77348d4 (this sample)

Delivery method: Distributed via e-mail attachment
