MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a89538eb67514a59db1306da423ab0ba3d261892df4fbb908943b867dd41f95d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a89538eb67514a59db1306da423ab0ba3d261892df4fbb908943b867dd41f95d
SHA3-384 hash: c25e0495d00f9ef1d3ce408869beb93487dfbb926c5d40baa84387f8c4c814ec90b603c7e54906246da89cdebe47b0b8
SHA1 hash: b636aebd8ccb90287529c738701fb10ce797603f
MD5 hash: ee9f24180e58c655703bbc5ae747196f
humanhash: snake-iowa-colorado-crazy
File name:Quotation MAK-2009-15-1 Turbine & Centrifugal Pumps.pdf.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:357'697 bytes
First seen:2020-09-17 05:12:42 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:5H3nIn5hgl+OdIoXmw7OVhHiqpCqH9J5aonQRRq3YFK06QzmMhRQC0w2vd/6R:5H3In5al+OTmw7wQoCqH8onQ0YY06QXZ
TLSH DE74235302F5B3ACC81AB9123F1FBE092C2E2572B21F5785E6167E67AFB800D2674507
Reporter cocaman
Tags:rar


Avatar
cocaman
Malicious email (T1566.001)
From: "Zeeshan Ali<zeeshana@pzes.co>"
Received: "from pzes.co (unknown [45.137.22.74]) "
Date: "16 Sep 2020 21:54:40 -0700"
Subject: "QUOTATION FOR THE SUPPLY OF CUMMINS 1000, 1250 &2000 KVA DIESEL GENSETS"
Attachment: "Quotation MAK-2009-15-1 Turbine & Centrifugal Pumps.pdf.rar"

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a89538eb67514a59db1306da423ab0ba3d261892df4fbb908943b867dd41f95d/
Threat name:
ByteCode-MSIL.Infostealer.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-09-17 03:46:42 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vcktr23hkffftwyta3neeovqxi6smges35h3xeejio4gpxkb7foq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/a89538eb67514a59db1306da423ab0ba3d261892df4fbb908943b867dd41f95d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar a89538eb67514a59db1306da423ab0ba3d261892df4fbb908943b867dd41f95d

(this sample)

AgentTesla

Executable exe 954bbd9e612117e2fa3f8c71e72ca98461f7ec20fc028d9910f8629cd170ec2b

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 954bbd9e612117e2fa3f8c71e72ca98461f7ec20fc028d9910f8629cd170ec2b

Comments