MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a4a3bae90c06f275a7834331b76e7294fedb55ef84bf69ef8dc6ba214e60f665. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: a4a3bae90c06f275a7834331b76e7294fedb55ef84bf69ef8dc6ba214e60f665
SHA3-384 hash: 7e51b21326308d364f93cb086f874563520e13bce04ce593bd6ccfc731a73d060c56b638dcbf229ace3242d5229db860
SHA1 hash: a8502afee38b82d10f02c3f40effb238c71f89f7
MD5 hash: 6423b4e5c45d482a35571bdea2990d56
humanhash: tango-jersey-carpet-july
File name: URGENT_QUOTATION_PR # 270473. 20-04-2021xlxs.Gz
Signature: AgentTesla
File size: 11'582 bytes
First seen: 2021-04-20 06:02:35 UTC
Last seen: Never
File type: unknown
MIME type: application/x-7z-compressed
ssdeep: 192:e6NBvTfDuUEX0F/Dv96a1SFyWBOvP8gz1MXgyHNuYlTE14w4Ipk3CQB0mGSHB0rN:fNBvTfK8RLkaSgWBngz+XgyZTE1v4YIE
TLSH: 1132C06F627C9B4BBB05F970DC1E4D2B81BD5A0064D58F8F006EA5A68CF4D6B2472047
Reporter: cocaman
Tags: AgentTesla gz


cocaman
Malicious email (T1566.001)
From: "Pamela Goddard <PGoddard@npcas.org>" (likely spoofed)
Received: "from mx1.safemail.at (mx1.safemail.at [77.244.250.91]) "
Date: "Tue, 20 Apr 2021 03:10:47 +0200"
Subject: "URGENT QUOTATION"
Attachment: "URGENT_QUOTATION_PR # 270473. 20-04-2021xlxs.Gz"

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
unknown a4a3bae90c06f275a7834331b76e7294fedb55ef84bf69ef8dc6ba214e60f665 (this sample)

Delivery method: Distributed via e-mail attachment
