MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9ab88fa6596bdeb59946116b6424a34cdb5d3d4b95daa6ad5407a6ab13a60279. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9ab88fa6596bdeb59946116b6424a34cdb5d3d4b95daa6ad5407a6ab13a60279
SHA3-384 hash: 7e378e4a74115a954a3f5fa8b899a2ef01792eb31eff8a914bc5d7b0657a7c6e38dcf8d04c09e84b8678177004e20949
SHA1 hash: 7e0c2c4d9557bb7e7cdb222cb0ac4bbb537eac23
MD5 hash: 39e2b9b0efd4dcb63c0f8798b05e20f9
humanhash: gee-artist-purple-mockingbird
File name:invoice copy.tl.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:409'147 bytes
First seen:2020-11-13 09:45:40 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:hm8/gNpWUfp8XfE55nRKHiL+nt3vL9Il+:hmZ4Xfo1ACanRxIl+
TLSH 8E9423DD1700B0DD9C48D3A58E7C1E46EC174A4C8AC6CD588B84BF5FA5E2936D82CA7E
Reporter cocaman
Tags:AgentTesla zip


Avatar
cocaman
Malicious email (T1566.001)
From: "Muhammad Younas <atencionaclientes@consolidcargo.com>" (likely spoofed)
Received: "from consolidcargo.com (unknown [103.53.41.195]) "
Date: "13 Nov 2020 14:32:23 +0530"
Subject: "invoice#646783"
Attachment: "invoice copy.tl.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
112
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_fs268.UNOFFICIAL
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Sanesecurity.Malware.21447.ZipHeur.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.24066.ZipHeur.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.23810.ZipHeur.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.22851.ZipHeur.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.22964.ZipHeur.UNOFFICIAL
Create hunting rule

Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9ab88fa6596bdeb59946116b6424a34cdb5d3d4b95daa6ad5407a6ab13a60279/
Threat name:
Win32.Trojan.LokiBot
Create hunting rule
Status:
Malicious
First seen:
2020-11-13 08:38:39 UTC
File Type:
Binary (Archive)
Extracted files:
52
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=tk4i7jsznppllgkgcfvwijfdjtnv2pklsxnknlkua6tkwe5gaj4q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 9ab88fa6596bdeb59946116b6424a34cdb5d3d4b95daa6ad5407a6ab13a60279

(this sample)

AgentTesla

Executable exe 7c1cc691d4f45e93604996ead834345964e3ccc2e20c0df32376cf70c81fa802

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7c1cc691d4f45e93604996ead834345964e3ccc2e20c0df32376cf70c81fa802
  
Dropping
AgentTesla

Comments