MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a441e785ee7f8b3600f67cb950445ca9c1c4f23788e185b97e4d293730189c14. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a441e785ee7f8b3600f67cb950445ca9c1c4f23788e185b97e4d293730189c14
SHA3-384 hash: eb0f2219b4274c36798112dcf767d284336dbb8226ae4dd793884b280b4dc57ca6009e63b2a5c171025220e9a7f8856a
SHA1 hash: 96f305b1060e373f10eb49e91ae1dc4bd2e91d9f
MD5 hash: db449ae2a1bc8a24075a7c7f76e0062c
humanhash: papa-spring-muppet-mississippi
File name:swift_transfer_pdf.r00
Download: download sample
Signature AgentTesla
Create hunting rule
File size:339'641 bytes
First seen:2021-02-15 16:38:08 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 6144:x5SsAWE8h7E9uxf8pqqL556YRXMwlZIwz0OJJlWZ+4Zjz:x0sAWNE9uxf8Au5wz6ZIwAORM3Jz
TLSH B57423A2F680F7FA684610C54E6F07A1F4DCB57F26F5BE5EF2106142CECA268F865841
Reporter cocaman
Tags:AgentTesla r00


Avatar
cocaman
Malicious email (T1566.001)
From: ""Marie Azar" <taizo.sato.fv@g-sanden.com>" (likely spoofed)
Received: "from postfix-inbound-2.inbound.mailchannels.net (inbound-egress-5.mailchannels.net [199.10.31.237]) "
Date: "15 Feb 2021 06:52:51 -0800"
Subject: "Re: swift"
Attachment: "swift_transfer_pdf.r00"

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a441e785ee7f8b3600f67cb950445ca9c1c4f23788e185b97e4d293730189c14/
Threat name:
ByteCode-MSIL.Backdoor.Androm
Create hunting rule
Status:
Malicious
First seen:
2021-02-15 16:39:07 UTC
File Type:
Binary (Archive)
Extracted files:
1
AV detection:
9 of 29 (31.03%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ura6pbpop6ftmahwps4varc4vha4j4rxrdqylol6juutomaytqka._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.70
Link:
https://yomi.yoroi.company/submissions/a441e785ee7f8b3600f67cb950445ca9c1c4f23788e185b97e4d293730189c14

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r00 a441e785ee7f8b3600f67cb950445ca9c1c4f23788e185b97e4d293730189c14

(this sample)

AgentTesla

Executable exe 8a44fabd61b1b7695fed4db543418ec7ceb0a7641035641d449254a9c458affb

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8a44fabd61b1b7695fed4db543418ec7ceb0a7641035641d449254a9c458affb
  
Dropping
AgentTesla

Comments