MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b9820d948742b654c6c8eace94735cf8e1376db1cb8bae1714ce8f6100269db8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4


SHA256 hash: b9820d948742b654c6c8eace94735cf8e1376db1cb8bae1714ce8f6100269db8
SHA3-384 hash: b00b1766a7a0b4da0466fc73d7f022a36e3e0326b76726273b60cd94122aedeef5dfb55b34902c8f831aef99beab9429
SHA1 hash: 495918bfa815a58d69e8213d967be79d8578db52
MD5 hash: 82e1fea401551d5d92326d535becb846
humanhash: maryland-jersey-whiskey-earth
File name: RFQ_SMK01042021.rar
Signature: AgentTesla
File size: 426'401 bytes
First seen: 2021-04-01 07:18:24 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:7RFlu2kUmN3OOKWyMFJBNJ+XYJrFFOkmbpn2Zm:7E2TmZRKWNnNFFW1n2Zm
TLSH: 0F942388634C91346E807AE7E1DFD81E652DE96AEF8124784B4C3E6B3C1A3E485D06D3
Reporter: cocaman
Tags: AgentTesla, rar


cocaman
Malicious email (T1566.001)
From: "Alkan Yilmaz <KAM@itsprecision.com.sg>" (likely spoofed)
Received: "from vds43712ua.hyperhost.name (vds43712ua.hyperhost.name [195.54.163.148]) "
Date: "Thu, 01 Apr 2021 00:03:17 -0700"
Subject: "RFQ SMK 2021"
Attachment: "RFQ_SMK01042021.rar"

Intelligence

File Origin
# of uploads: 1
# of downloads: 90
Origin country: n/a

Vendor Threat Intelligence
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2021-04-01 07:19:05 UTC
File Type: Binary (Archive)
Extracted files: 10
AV detection: 8 of 44 (18.18%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
Sample: rar b9820d948742b654c6c8eace94735cf8e1376db1cb8bae1714ce8f6100269db8 (this sample)
Delivery method: Distributed via e-mail attachment
Dropping: AgentTesla

Comments