MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9c38d1a30e93254e5233e396fcca691be10d18fde2d78e2a68420ee56c9fd685. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	9c38d1a30e93254e5233e396fcca691be10d18fde2d78e2a68420ee56c9fd685
SHA3-384 hash:	df7a4b8ed2c09609d2074c6c335eaae80b97b7973d3006d9502c4622c25662f49816609c6f4f5ad6ebd2ab33c645fb0b
SHA1 hash:	dd707134cdc0927c201e3df18823f861a5426e51
MD5 hash:	9c4f83123f41fcdc29382f0b683959c0
humanhash:	cardinal-friend-neptune-idaho
File name:	Paketdetails.tar
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	2'032'128 bytes
First seen:	2020-12-07 06:23:41 UTC
Last seen:	Never
File type:	tar
MIME type:	application/x-tar
ssdeep	49152:H6O6Uhrn22p/stLJ+TuVsSrVNOLEdetBbAxDoHFT0Ad:H6O6U92okdJDVsYJBD
TLSH	A095F039AE545139F4766F3C99A02551A65E6F937F2BE89D2CF131E90B33A8389C013C
Reporter	cocaman
Tags:	tar

Intelligence

File Origin

# of uploads :

1

# of downloads :

138

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Gen.NN.ZemsilF.34670.7n0@aGSsl0i.15595.UNOFFICIAL

Result

Verdict:

SUSPICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/9c38d1a30e93254e5233e396fcca691be10d18fde2d78e2a68420ee56c9fd685/

Threat name:

ByteCode-MSIL.Trojan.Heracles

Status:

Malicious

First seen:

2020-12-07 06:24:56 UTC

File Type:

Binary (Archive)

Extracted files:

7

AV detection:

17 of 29 (58.62%)

Threat level:

5/5

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Eldorado

Score:

0.90

Link:

https://yomi.yoroi.company/submissions/9c38d1a30e93254e5233e396fcca691be10d18fde2d78e2a68420ee56c9fd685

File information

The table below shows additional information about this malware sample such as delivery method and external references.

47e02352a5b63778999b6edea53f398a93728f6f3614aa317c40804d4ded3828

tar 9c38d1a30e93254e5233e396fcca691be10d18fde2d78e2a68420ee56c9fd685

(this sample)

exe bb4fa1ef7cc21d3a4c66b243f542b24473441837a5aa5c453d9d89080b20acfe

Delivery method

Distributed via e-mail link

Dropping

SHA256 bb4fa1ef7cc21d3a4c66b243f542b24473441837a5aa5c453d9d89080b20acfe

Dropped by

SHA256 47e02352a5b63778999b6edea53f398a93728f6f3614aa317c40804d4ded3828

URLhaus

https://urlhaus.abuse.ch/url/895546/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample