MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a567f55bf77448bca384dc7fb96ce54104db6f5751126e4993ec290b6e190dda. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 6



SHA256 hash: a567f55bf77448bca384dc7fb96ce54104db6f5751126e4993ec290b6e190dda
SHA3-384 hash: 2dd89d230e3c314421e626ec5800d34a71fdf22a7f037ff6722ee124820678f6c4be62c7634176d3fd316b58ed30742c
SHA1 hash: b8e23e8a3c987d1c2e94ed9d7813f46c729acc9b
MD5 hash: 45b00c0e1904b5aea6ae582f09265f9a
humanhash: bulldog-william-march-yellow
File name: Quotation 000000000183_pdf.img
Signature: AgentTesla
File size: 1'441'792 bytes
First seen: 2022-07-13 08:18:34 UTC
Last seen: 2022-07-14 06:28:25 UTC
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:SiUsFg+XBxn5XD8eL3gaa7f/C+idJZWdGQOs:SCFLX35zNLgHzC9ZWdG
TLSH: T18665020FFB908665CB991E78ECB003614F71E8D26E23F74C35C8B1A55F6271609E4AE6
TrID: 99.6% (.NULL) null bytes (2048000/1)
  0.2% (.ATN) Photoshop Action (5007/6/1)
  0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
  0.0% (.ABR) Adobe PhotoShop Brush (1002/3)
  0.0% (.SMT) Memo File Apollo Database Engine (88/84)
Reporter: cocaman
Tags: AgentTesla img QUOTATION


cocaman
Malicious email (T1566.001)
From: "Kristina Kukret <kukret.kristina@deutschmann.sk>" (likely spoofed)
Received: "from sig92-4.nikozen.info (sig92-4.syazen.info [54.37.82.150]) "
Date: "13 Jul 2022 12:49:36 +0200"
Subject: "Re: Fw: Quotation -Urgent"
Attachment: "Quotation 000000000183_pdf.img"

Intelligence


File Origin
# of uploads: 7
# of downloads: 234
Origin country: n/a

Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: packed
Result
Verdict: MALICIOUS
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2022-07-13 08:19:09 UTC
File Type: Binary (Archive)
Extracted files: 15
AV detection: 9 of 41 (21.95%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img a567f55bf77448bca384dc7fb96ce54104db6f5751126e4993ec290b6e190dda

(this sample)

  
Delivery method: Distributed via e-mail attachment
Dropping: AgentTesla
