MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 baf37b9a0d243292f951414947aa3feb27d4ef6a7ff98c767ad6e470cc46c7da. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: baf37b9a0d243292f951414947aa3feb27d4ef6a7ff98c767ad6e470cc46c7da
SHA3-384 hash: 19cbe349e7cfa7a98e5e5e517a5e255993003c84df46e9c05effef49b754e82eb21e6b8db5959e8b71d82bd91b129201
SHA1 hash: ff01c8f6ee8a0345ed72a1ff8cc367f71b03859d
MD5 hash: 3c8d312921e75536eaeb3fa5ad0c5078
humanhash: carolina-network-artist-pip
File name:Additional documents.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:541'944 bytes
First seen:2021-02-15 12:14:27 UTC
Last seen:2021-02-16 02:06:09 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:15TtTh7KdEqb/JnbcwawUum+g6R7BrNZqpMxbPsZIX:1NufdckKL6RlrKskZIX
TLSH 45B4236AEB67CFD695B18927224C1E432A5D161DDEF980841FFD0827AE8CF1379D3482
Reporter GovCERT_CH
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
2
# of downloads :
99
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Packed2.42845.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/baf37b9a0d243292f951414947aa3feb27d4ef6a7ff98c767ad6e470cc46c7da/
Threat name:
ByteCode-MSIL.Trojan.Artemis
Create hunting rule
Status:
Malicious
First seen:
2021-02-15 07:38:38 UTC
AV detection:
17 of 29 (58.62%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xlzxxgqneqzjf6krifeupkr75mt5j33kp74yy5t223shbtcgy7na._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/baf37b9a0d243292f951414947aa3feb27d4ef6a7ff98c767ad6e470cc46c7da

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip baf37b9a0d243292f951414947aa3feb27d4ef6a7ff98c767ad6e470cc46c7da

(this sample)

AgentTesla

Executable exe 8edf23c4454fd98bd716452dc825103d48d9d34e71ef9f5166c81712865d3d9e

  
Dropped by
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8edf23c4454fd98bd716452dc825103d48d9d34e71ef9f5166c81712865d3d9e
  
Dropping
MD5 1cf7421f5b8fe49830437f7953b00e88

Comments