MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9cdf0bdacde552151655aadf7d23c459ff0552e4bfccd7e319292daa64671289. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9cdf0bdacde552151655aadf7d23c459ff0552e4bfccd7e319292daa64671289
SHA3-384 hash: 831908152691e62286b73e0e3e997d72c58622bc162d0f52f9cfbb479cdfe7d6a6eaa43001ba95e6c75c1cd66ead5a8f
SHA1 hash: fb444eb926d2b39429f06c756d33cfa4381b5913
MD5 hash: 47665b386abe1f1551fb18f757ce8850
humanhash: yellow-william-asparagus-dakota
File name:SHIPPING DOCS.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:924'094 bytes
First seen:2020-11-05 07:10:42 UTC
Last seen:2020-11-05 12:19:39 UTC
File type: rar
MIME type:application/x-rar
ssdeep 12288:fR16I6FEOSeQ81egAvu5gtiqLAVgTS8NLvjeBsguJhfELQzhGZHaHK4WmI50DqHW:poHQPgABhAObSeguqQNa0BCnZ0Emn
TLSH A9153336FF4419E74504616D1C93D6EA1B7F688CE54549F8F3288A7C839AD84303DEAB
Reporter cocaman
Tags:AgentTesla rar


Avatar
cocaman
Malicious email (T1566.001)
From: ""Operations Coordinator(Air Dept.)"<ash.zhang@ugslogistics.com>"
Received: "from ugslogistics.com (unknown [103.99.1.142]) "
Date: "04 Nov 2020 17:49:28 -0800"
Subject: "SHIPPING DOCUMENT"
Attachment: "SHIPPING DOCS.rar"

Intelligence

File Origin
# of uploads :
2
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27121.RarHeur.NoDP.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9cdf0bdacde552151655aadf7d23c459ff0552e4bfccd7e319292daa64671289/
Threat name:
ByteCode-MSIL.Trojan.Taskun
Create hunting rule
Status:
Malicious
First seen:
2020-11-04 03:14:17 UTC
File Type:
Binary (Archive)
Extracted files:
37
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ttpqxwwn4vjbkfsvvlpx2i6elh7qkuxex7gnpyyzfew2uzdhckeq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 9cdf0bdacde552151655aadf7d23c459ff0552e4bfccd7e319292daa64671289

(this sample)

AgentTesla

Executable exe ee126cf35bbdcf2b2e8bbff8f27371910f9037799d4a3f5dbba16e5dc39797e7

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ee126cf35bbdcf2b2e8bbff8f27371910f9037799d4a3f5dbba16e5dc39797e7
  
Dropping
AgentTesla

Comments