MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 91f2977a78b83c82eab6e06c9cda64ce13f40461711fcafffb2853189470894c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 5

SHA256 hash: 91f2977a78b83c82eab6e06c9cda64ce13f40461711fcafffb2853189470894c
SHA3-384 hash: e47b63d9f39aeb5cd48dae2f7156c32fadcf56589b7a59b6d5f65eae78f2db1062f93e280b933bdcaa5e56e4f4605756
SHA1 hash: 81ab9620e9b668d113bfaa1d4e20c18e728109eb
MD5 hash: 6ba769ce8e66f1da197ff0806c237a18
humanhash: virginia-eighteen-tango-river
File name: SHIPPING DOCS - MV. SN QUEEN.cab
Signature: AgentTesla
File size: 638'751 bytes
First seen: 2021-04-07 06:00:51 UTC
Last seen: Never
File type: cab
MIME type: application/vnd.ms-cab-compressed
ssdeep: 6144:MCGFoGWgxcONxNvqYLdH+K2Mr2eb7IO6t0BKOOf61aZbX56e3UR2rmOhjzi8N7FE:V3gG+xNamr2eVJvOiYFseIEtn0nXHcg
TLSH: 0CD423D08C997B504BF9C5C9C9F195006BA7B5B9270BB2DD41C932C740E764CBB82B97
Reporter: abuse_ch
Tags: cab


abuse_ch
Malspam distributing unidentified malware:

HELO: hp0.304.gvuwx.ga
Sending IP: 138.68.51.211
From: SEA NET SHPG <seanets@seanetshipping.co.kr>
Subject: (AGENT NOMINATION)MV. SN QUEEN(V.135) - DISCG
Attachment: SHIPPING DOCS - MV. SN QUEEN.cab (contains "SHIPPING DOCS - MV. SN QUEEN.exe")
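The attachment in the report above is a cabinet archive whose only interesting content is the executable it wraps. The following is an added triage helper, not code from MalwareBazaar or the reporter: it hashes an attachment with the same four algorithms the entry lists (so a local copy can be matched against the SHA256 above) and enumerates the CFFILE records of a .cab from the MS-CAB header alone, without decompressing anything, flagging members with executable extensions. The set of flagged extensions, the `cp1252` fallback for non-UTF-8 names and the `build_sample_cab` synthetic cabinet are the example's own assumptions; the synthetic cabinet is constructed test input, not the sample from this entry.

```python
import hashlib
import os
import struct
import sys
from typing import Dict, List

# SHA256 listed in this MalwareBazaar entry, for comparing a local file.
ENTRY_SHA256 = "91f2977a78b83c82eab6e06c9cda64ce13f40461711fcafffb2853189470894c"

# Record layouts from the MS-CAB format (little-endian).
CFHEADER = struct.Struct("<4s5I2B5H")  # signature ... iCabinet (36 bytes)
CFFOLDER = struct.Struct("<IHH")       # coffCabStart, cCFData, typeCompress
CFFILE = struct.Struct("<IIHHHH")      # cbFile, uoffFolderStart, iFolder, date, time, attribs

FLAG_PREV_CABINET, FLAG_NEXT_CABINET, FLAG_RESERVE_PRESENT = 0x1, 0x2, 0x4
ATTR_NAME_IS_UTF = 0x80

# Assumption of this example: extensions treated as executable content.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".dll", ".bat", ".cmd",
                         ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".msi", ".lnk"}


def digests(data: bytes) -> Dict[str, str]:
    """Hashes in the algorithms MalwareBazaar lists for an entry."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest(),
            "sha3_384": hashlib.sha3_384(data).hexdigest()}


def _cstring(data: bytes, off: int):
    """Return (bytes, next_offset) for a NUL-terminated string at off."""
    end = data.find(b"\0", off)
    if end < 0:
        raise ValueError("unterminated string in cabinet header")
    return data[off:end], end + 1


def list_cab_members(data: bytes) -> List[Dict]:
    """Enumerate CFFILE entries of a cabinet without decompressing any data."""
    if len(data) < CFHEADER.size:
        raise ValueError("too short to be a cabinet")
    (sig, _r1, cb_cabinet, _r2, coff_files, _r3, _vmin, _vmaj,
     _n_folders, n_files, flags, _set_id, _i_cab) = CFHEADER.unpack_from(data, 0)
    if sig != b"MSCF":
        raise ValueError("not a cabinet: bad MSCF signature")
    if cb_cabinet > len(data):
        raise ValueError("truncated cabinet: header claims %d bytes, have %d" % (cb_cabinet, len(data)))
    if not CFHEADER.size <= coff_files < len(data):
        raise ValueError("CFFILE offset %d outside cabinet" % coff_files)
    # Optional header fields are walked only to validate them; CFFILE records
    # are reached through the absolute coffFiles offset.
    off = CFHEADER.size
    if flags & FLAG_RESERVE_PRESENT:
        off += 4 + struct.unpack_from("<H", data, off)[0]  # cbCFHeader + reserve area
    for flag in (FLAG_PREV_CABINET, FLAG_NEXT_CABINET):
        if flags & flag:                                    # szCabinet*, szDisk*
            _, off = _cstring(data, off)
            _, off = _cstring(data, off)
    members, off = [], coff_files
    for _ in range(n_files):
        cb_file, _uoff, i_folder, _d, _t, attribs = CFFILE.unpack_from(data, off)
        off += CFFILE.size
        raw, off = _cstring(data, off)
        # 0x80 marks a UTF-8 name; the code page fallback is this example's choice.
        name = raw.decode("utf-8" if attribs & ATTR_NAME_IS_UTF else "cp1252", "replace")
        ext = os.path.splitext(name)[1].lower()
        members.append({"name": name, "size": cb_file,
                        "folder": i_folder,  # 0xFFFD-0xFFFF: spanned across cabinets
                        "executable": ext in EXECUTABLE_EXTENSIONS})
    return members


def build_sample_cab(entries) -> bytes:
    """Constructed single-folder cabinet with (name, size) entries and no CFDATA
    blocks: parseable for enumeration, not extractable. Synthetic test input."""
    records = b"".join(CFFILE.pack(size, 0, 0, 0, 0, 0x20) + name.encode("cp1252") + b"\0"
                       for name, size in entries)
    coff_files = CFHEADER.size + CFFOLDER.size
    total = coff_files + len(records)
    header = CFHEADER.pack(b"MSCF", 0, total, 0, coff_files, 0, 3, 1, 1, len(entries), 0, 0, 0)
    return header + CFFOLDER.pack(total, 0, 0) + records


if __name__ == "__main__":
    blob = (open(sys.argv[1], "rb").read() if len(sys.argv) > 1
            else build_sample_cab([("SHIPPING DOCS - MV. SN QUEEN.exe", 638751)]))
    h = digests(blob)
    for algo, value in h.items():
        print("%-8s %s" % (algo, value))
    print("matches this MalwareBazaar entry:", h["sha256"] == ENTRY_SHA256)
    for m in list_cab_members(blob):
        print("%s %9d bytes  %s" % ("EXEC" if m["executable"] else "    ", m["size"], m["name"]))
```

Run it as `python cabtriage.py "SHIPPING DOCS - MV. SN QUEEN.cab"` on a quarantined copy; the member listing is what tells you a "shipping docs" archive actually carries an .exe, before anything is extracted or run. The size and offset checks matter because a malformed header with an out-of-range coffFiles would otherwise raise an unhandled exception on the sandbox side.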

Intelligence


File Origin
# of uploads: 1
# of downloads: 135
Origin country: n/a

Vendor Threat Intelligence
Verdict: SUSPICIOUS
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2021-04-07 06:01:27 UTC
AV detection: 9 of 48 (18.75%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla: cab 91f2977a78b83c82eab6e06c9cda64ce13f40461711fcafffb2853189470894c (this sample)
Delivery method: Distributed via e-mail attachment
