MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a30ae433f77f63510ba94f1b083d30bc2cb3118c7873a485da5ba18d61204199. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: a30ae433f77f63510ba94f1b083d30bc2cb3118c7873a485da5ba18d61204199
SHA3-384 hash: 2814a89eb650b511fd518686116eedfe67fe18b54ca22d816173774db51f9d0435cb95fe59d50a682671aff7475c2fbb
SHA1 hash: b7cfc6615a3af1179dfc5afb7f527dc55be94817
MD5 hash: bfad42f86b43d41c5963b390ec619d81
humanhash: shade-freddie-cola-don
File name: NEW OFFER No PO_821557.doc.z
Signature: AgentTesla
File size: 1'143'471 bytes
First seen: 2020-10-24 06:40:53 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 24576:sENI9twyjdFN37MHXyVQn1WrDpZvytJJOndFPM2gsr3bl/8DBChj:sLrjNqXyyn1SDpZvytJJOnXPM2tVm2
TLSH: 5035335C549B7D5433EBA909C042DBA05830FB2436D227BC7BC6BAFA0A751F31A4C563
Reporter: abuse_ch
Tags: AgentTesla, z


abuse_ch
Malspam distributing unidentified malware:

HELO: webmail.cyber.net.pk
Sending IP: 203.101.175.37
From: MANAGEMENT <javaid@cyber.net.pk>
Reply-To: ericgillis60@gmail.com
Subject: NEW OFFER No PO_821557
Attachment: NEW OFFER No PO_821557.doc.z (contains "NEW OFFER No PO_821557.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 106
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-10-23 23:33:58 UTC
AV detection: 16 of 29 (55.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z a30ae433f77f63510ba94f1b083d30bc2cb3118c7873a485da5ba18d61204199
(this sample)

Delivery method: Distributed via e-mail attachment
