MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b1feae3f7616d9b2e7e259886def9d72c0479713cdb81ac9ab51a7ff90e335be. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b1feae3f7616d9b2e7e259886def9d72c0479713cdb81ac9ab51a7ff90e335be
SHA3-384 hash: fb33a8a41c56006302d2197d63368252f0ea95d87edddd29585d098902e2e051b550dfa26338c107d99187acef31c592
SHA1 hash: bc6a44d4a276a6e8e5f1ced774d3a5c655832bb3
MD5 hash: 9bfc48ca7b5c5612bd68ec649b4b4363
humanhash: stream-river-orange-harry
File name:NEW ORDER REQUEST.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:620'495 bytes
First seen:2020-10-13 09:29:31 UTC
Last seen:2020-10-14 10:06:31 UTC
File type: rar
MIME type:application/x-rar
ssdeep 12288:I32SGb7voerGUUa64RE7Ss7QZTMigXxuCzrO09+N6i+dxLtI8sRSxYCt1:ImSkvoerGR2C7SI6Wpi8a8L
TLSH 8DD42343852FE1E52B2F5632F5432A702F2985E96D138F2613277C97A38A78F206D707
Reporter cocaman
Tags:AgentTesla rar


Avatar
cocaman
Malicious email (T1566.001)
From: "Anastasia Bogolyubova <a.bogolyubova@strauttmann.com>"
Received: "from strauttmann.com (unknown [103.151.124.245]) "
Date: "13 Oct 2020 01:03:05 -0700"
Subject: "Re: NEW ORDER REQUEST"
Attachment: "NEW ORDER REQUEST.rar"

Intelligence

File Origin
# of uploads :
2
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.23628.RarHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b1feae3f7616d9b2e7e259886def9d72c0479713cdb81ac9ab51a7ff90e335be/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-10-13 04:07:28 UTC
File Type:
Binary (Archive)
Extracted files:
13
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wh7k4p3wc3m3fz7clgeg3345olaepfytzw4bvsnlkgt77ehdgw7a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/b1feae3f7616d9b2e7e259886def9d72c0479713cdb81ac9ab51a7ff90e335be

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar b1feae3f7616d9b2e7e259886def9d72c0479713cdb81ac9ab51a7ff90e335be

(this sample)

AgentTesla

Executable exe aa996e1467f78b4965e61fc6ad87982814a0d1f10260593e63216af6e15a69f4

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 aa996e1467f78b4965e61fc6ad87982814a0d1f10260593e63216af6e15a69f4
  
Dropping
AgentTesla

Comments