MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b77d3d0310bf8624cd3adde0ad12dec926217724353794b8778bc5ff82c0a7d4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: b77d3d0310bf8624cd3adde0ad12dec926217724353794b8778bc5ff82c0a7d4
SHA3-384 hash: 803a0bd3c2916d81a18167245593102646c6a4a7b5a24070dbce0777294c28b31423cab6c14765ce6d06bcc83edc46d1
SHA1 hash: dd374f84c4f89b06e78fb5482877ed871e9510ce
MD5 hash: 8e567626f7b54ad521777c9b65ca1dc2
humanhash: wolfram-illinois-lion-winter
File name: Purchase order.cab
Signature: AgentTesla
File size: 281'661 bytes
First seen: 2021-03-03 07:27:58 UTC
Last seen: Never
File type: cab
MIME type: application/vnd.ms-cab-compressed
ssdeep: 6144:cSIAlIQsaz3W4wcm4S3f48m87Lxj0LSjzpbv6Hr:LIAuQs3cm4hhYjs9L
TLSH: AE5423273ACF9C0357B5E67ACC81FD184B6AF9D35D9B126BC88D34D2222B308519275A
Reporter: abuse_ch
Tags: cab


abuse_ch
Malspam distributing unidentified malware:

HELO: mailer12-1.incnets.com
Sending IP: 210.6.92.81
From: Gil-cheol Lee <info@319.grvo.gq>
Subject: Request for quotation
Attachment: Purchase order.cab (contains "stic.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 83
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2021-03-03 04:00:03 UTC
AV detection: 7 of 48 (14.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam | AgentTesla | cab b77d3d0310bf8624cd3adde0ad12dec926217724353794b8778bc5ff82c0a7d4 (this sample)

Delivery method: Distributed via e-mail attachment
