MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b74bdd41e69403ff637f52f371c5e9b63d4f4565c4728a96985ecf3965030492. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: b74bdd41e69403ff637f52f371c5e9b63d4f4565c4728a96985ecf3965030492
SHA3-384 hash: 046f12ceda1b7ca7d229827535c90f341ad57fca41c2d82c16bd21fb00bda7d05050ac71855a9dc231c097bfa8bdc098
SHA1 hash: e6fb0244e6585fa1d338f94e651af84a9a53e071
MD5 hash: 3d96f6540d7550e789c7b3dbdaaabe07
humanhash: video-green-wisconsin-saturn
File name: BANK DETAILS.gz
Signature: AgentTesla
File size: 592'084 bytes
First seen: 2020-11-10 07:23:35 UTC
Last seen: 2020-11-10 14:45:07 UTC
File type: gz
MIME type: application/x-rar
ssdeep: 12288:4z+A5M0+o56i+PpCKn6LHf/W289/vnR9vClPTjFNL4FEzjR7aslk:M5M0++p+Pxc22815A1nFNLLR7asi
TLSH: 20C4232138E371EEC1E21E734BFE68A964816F05AD9CC56434C9B0398FAE3976F5D418
Reporter: cocaman
Tags: AgentTesla gz


cocaman
Malicious email (T1566.001)
From: "alsumood@emirates.net.ae" (likely spoofed)
Received: "from emirates.net.ae (unknown [185.222.57.250]) "
Date: "9 Nov 2020 23:03:28 -0800"
Subject: "RE: URGENT: CONFIRM YOUR BANK DETAILS FOR REMITTANCE"
Attachment: "BANK DETAILS.gz"

Intelligence


File Origin
# of uploads: 3
# of downloads: 46
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Spyware.AveMaria
Status: Malicious
First seen: 2020-11-10 06:54:56 UTC
File Type: Binary (Archive)
Extracted files: 2
AV detection: 17 of 28 (60.71%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
gz b74bdd41e69403ff637f52f371c5e9b63d4f4565c4728a96985ecf3965030492 (this sample)

Delivery method: Distributed via e-mail attachment
Dropping: AgentTesla

Comments