MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9de1f44fb966c4d5a8877059a530b2dd4eb01228b0ea52a78ac43df28140315b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	9de1f44fb966c4d5a8877059a530b2dd4eb01228b0ea52a78ac43df28140315b
SHA3-384 hash:	33d09938ac7a0f473022eb6fc1484c2dc74545971dfc1b9337eb5ea5784f78694d6d732c6b9f53a736ee412c8ab34394
SHA1 hash:	b897a08cfd4e73cbcd24b7229afe6e63963fc1ba
MD5 hash:	13ab9c144f081b12d436807c4695a5bb
humanhash:	arkansas-yankee-johnny-colorado
File name:	56071822.xls
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	87'040 bytes
First seen:	2020-04-27 07:16:09 UTC
Last seen:	Never
File type:	xls
MIME type:	application/vnd.ms-excel
ssdeep	1536:Hk3hOdsylKlgryzc4bNhZFGzE+cL2knA0rIvLgcDshCP/aNFiyTMzdgMESoIliCw:Hk3hOdsylKlgryzc4bNhZFGzE+cL2knd
Threatray	10'941 similar samples on MalwareBazaar
TLSH	72835D53F982D983E8184378ADC34EE52B297D58AF52A7DF3145BF8A3F707414D0A125
Reporter	jarumlus
Tags:	AgentTesla

Intelligence

File Origin

# of uploads :

1

# of downloads :

89

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

TwinWave.EvilDoc.CROCallsFunctionAndKeepsOnRunninRunnin.UNOFFICIAL

TwinWave.EvilDoc.CROHeadGames.20200320.UNOFFICIAL

Doc.Dropper.Agent-7698492-0

Gathering data

Threat name:

Document-Word.Trojan.Sload

Status:

Malicious

First seen:

2020-04-27 04:01:00 UTC

File Type:

Document

Extracted files:

21

AV detection:

19 of 48 (39.58%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=txq7it5zm3cnlkehobm2kmfs3vhlaeriwdvffj4kyq67fakagfnq._file

Verdict:

malicious

Label(s):

agenttesla

Similar samples:

0f75f6670487368f4ba9f5cf419f8f96433a2c4176bd2d07c4a12d0c83963abb

14460141625dd22787e0240e169ba782d157f760a0a01670847e3dc8c0919634

3ddfcc0ce0a57e7f3131d0ba603d6516f00c6cf94f67e79ab38a7e8f922f74bc

3de5c485f705f1cdf6088142033fb366aafa369044f74cf5a01a8c3517daa831

4aeded46b92aeea959a9f7f8315dae9d9ddd3725cb6ff0a01df1820e11ebd2a2

6407a885f99633b2f5559e9f04b001a859367468dd7e761fb28d527995f3112d

7ff0b93f3ac5f3acfe8f9718a8c6d0828e65f39e08cee553312cd24d8aed6dd1

d8bc30268551dbd155b8117bf3be1c869fc9945508801f658583e8f4ec46187c

dcbfc03cfe9523c25ab335f599cebcbbe8f2439ef7ab973aa9ec0330e4e7d11f

dda6fa100ac492f3b6b2bd5a619c0926b4a40431f8c0e0593d0bcdb2caf3d7b0

+ 10'931 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample