MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bda82ab0bdd4a44c18bcf7f3f6442d4670aa92d6009a6ba941785adee96311e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bda82ab0bdd4a44c18bcf7f3f6442d4670aa92d6009a6ba941785adee96311e8
SHA3-384 hash: 53a18ffa63d253f14a08288117cd3669351e36ab4b9314f6b81fec2ab9dde948906b0a2f7fa285b6c0e43777ea9c2077
SHA1 hash: 85582d5cde59746d9279b8d51c962039efdb0e03
MD5 hash: f71d0c4c280f0783b33cd8f51610438a
humanhash: autumn-lima-single-solar
File name:Urgent Quotation Request for Sundry and Co Related Items - Quote request sheet.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:677'316 bytes
First seen:2020-12-29 12:03:26 UTC
Last seen:2020-12-29 12:04:22 UTC
File type: rar
MIME type:application/x-rar
ssdeep 12288:jN6YP5G4yjSGrHzKOaceBRyXTVEzSlaUSpLEcTT+ZZ9B1hZzZAWWg:jBxFyua7eyXTVE2Mu1PZd
TLSH 8EE423BB6F060487FE663E7A75C3F4909EDB4292DA8DD77AA1EC1350802F409994706E
Reporter cocaman
Tags:AgentTesla rar


Avatar
cocaman
Malicious email (T1566.001)
From: "<daniela@martellettina.xyz>" (likely spoofed)
Received: "from box.martellettina.xyz (box.martellettina.xyz [188.166.44.139]) "
Date: "Tue, 29 Dec 2020 01:21:03 -0800"
Subject: "Business Inquiry"
Attachment: "Urgent Quotation Request for Sundry and Co Related Items - Quote request sheet.rar"

Intelligence

File Origin
# of uploads :
2
# of downloads :
403
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bda82ab0bdd4a44c18bcf7f3f6442d4670aa92d6009a6ba941785adee96311e8/
Threat name:
Win32.Trojan.Woreflint
Create hunting rule
Status:
Malicious
First seen:
2020-12-29 12:04:05 UTC
File Type:
Binary (Archive)
Extracted files:
20
AV detection:
13 of 29 (44.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xwucvmf52sseygf467z7mrbnizykvewwacngxkkbpbnn52ldchua._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AgentTesla
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/bda82ab0bdd4a44c18bcf7f3f6442d4670aa92d6009a6ba941785adee96311e8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar bda82ab0bdd4a44c18bcf7f3f6442d4670aa92d6009a6ba941785adee96311e8

(this sample)

AgentTesla

Executable exe d6a84c0371958157ad4f7645e34bc8128ffcf70d3cc5ee64eb76142cc41dc27a

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d6a84c0371958157ad4f7645e34bc8128ffcf70d3cc5ee64eb76142cc41dc27a
  
Dropping
AgentTesla

Comments