MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bda9bb71cbd7336dfb61e52e25c9a3a5dc583e425564adf22306a222c2899326. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 4

SHA256 hash: bda9bb71cbd7336dfb61e52e25c9a3a5dc583e425564adf22306a222c2899326
SHA3-384 hash: a90799a325676881fe33d0645467991d18bceddd932d1f781d5fee24b042e9feabdc4992627cc3ef4faf680999aa3c75
SHA1 hash: df8bb00ebd67590f24b00e8d5222273f9155d1b0
MD5 hash: 164b6a11115cef8568f7ecf91172a32f
humanhash: nineteen-robin-music-hawaii
File name: 00098765_INV.r00
Signature: AgentTesla
File size: 517'870 bytes
First seen: 2021-03-03 07:37:48 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 12288:Kgc7cCl8O8t8pDdofpIR1DnX6FroIQzv8P:KNlvXLEheIQzv8P
TLSH: AAB4234971E7B5AFD00177E25E7A4CECF0579CB622BA34231D77E2C90FA81D9AA1E104
Reporter: abuse_ch
Tags: AgentTesla r00


abuse_ch
Malspam distributing AgentTesla:

HELO: rim-tele.com
Sending IP: 188.128.84.2
From: Engr. Wong Yong Ming <suman.das@pernod-ricard.com>
Subject: RE: PAYMENT SWIFT COPY FOR = USD 80,950.25
Attachment: 00098765_INV.r00 (contains "00098765_INV.exe")

AgentTesla SMTP exfil server:
smtp.rulkeroil.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 117
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2021-03-03 07:38:17 UTC
AV detection: 5 of 46 (10.87%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla, r00 bda9bb71cbd7336dfb61e52e25c9a3a5dc583e425564adf22306a222c2899326 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
