MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a675f442e8c9e5af6e49a4fa0bdf3c3a3c708f8677c12fd539fab7cba1019c1b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: a675f442e8c9e5af6e49a4fa0bdf3c3a3c708f8677c12fd539fab7cba1019c1b
SHA3-384 hash: 4e1bae9ceab592a7d6ed7fd4fa572cde0aa7d40a475c237a55a165e96fa48f5bb510215d1b48318b78b35f361873697c
SHA1 hash: a1973ffb29cf1a3b1c89ec9ef5b68bb72c01e993
MD5 hash: d5847635ebc0564c496e4eb9340fbfef
humanhash: autumn-papa-arkansas-neptune
File name: SOA.rar
Signature: AgentTesla
File size: 674'448 bytes
First seen: 2020-11-10 10:16:54 UTC
Last seen: 2020-11-10 23:54:39 UTC
File type: rar
MIME type: application/x-rar
ssdeep: 12288:rPDmd/gK9efL1fGFcIy3IkjbKm54ZGvg3UUCDKmQHHT+SbnCahp5lLpuZR:r6/gme0Rkj54ZG4EUC0zrbC8p5lluj
TLSH: F0E423E3FDB366C99AF274AE86B4B5C9F820F480807903F369172D29EA4BD3D158411D
Reporter: GovCERT_CH
Tags: AgentTesla

Intelligence


File Origin
# of uploads: 2
# of downloads: 68
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Bluteal
Status: Malicious
First seen: 2020-11-09 16:36:27 UTC
AV detection: 13 of 29 (44.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar a675f442e8c9e5af6e49a4fa0bdf3c3a3c708f8677c12fd539fab7cba1019c1b (this sample)

Dropped by: AgentTesla
Delivery method: Distributed via e-mail attachment
