MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c0815089947a7382b8f6b779089197611f0869cd4724d250170b59e203373a9a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 4


SHA256 hash: c0815089947a7382b8f6b779089197611f0869cd4724d250170b59e203373a9a
SHA3-384 hash: d7d9497e716bfac812c36dc6a536e0b681e026a02c254dbbe0ff6d7b5a7630fd04cfde24ed030549c30a8de7a4c5e99c
SHA1 hash: 8b12696886a6200867dfe4c000447fdf8329a015
MD5 hash: 9bcf50704dfa326c3b6b9ef9c43d9bf3
humanhash: may-violet-gee-diet
File name: commercial invoice packing list bill of lading shipping document from 816_249.rar
Signature: AgentTesla
File size: 499'986 bytes
First seen: 2021-02-17 14:12:01 UTC
Last seen: 2021-02-17 14:33:02 UTC
File type: rar
MIME type: application/x-rar
ssdeep: 12288:1EkOe+pKhkt/SC2lIrTwxRUOYCO7Kr8Rz1KdZocQKz+M9:1EkWKvC0icx2O47Kr8rKdxQW79
TLSH: 8CB423B182F7299D927F0B790D3651A43CF27C5D042C344FAC4468AFDAF85EB886166B
Reporter: cocaman
Tags: AgentTesla rar


Reporter comment (cocaman):
Malicious email (T1566.001)
From: "Ciprian Blaj <ciprian.blaj@martellettina.xyz>" (likely spoofed)
Received: "from box.martellettina.xyz (box.martellettina.xyz [188.166.95.17]) "
Date: "17 Feb 2021 06:04:59 -0800"
Subject: "All Shipping Document from 816_249"
Attachment: "commercial invoice packing list bill of lading shipping document from 816_249.rar"

Intelligence

File Origin
# of uploads: 4
# of downloads: 112
Origin country: n/a
Vendor Threat Intelligence

Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2021-02-17 14:12:07 UTC
File Type: Binary (Archive)
Extracted files: 95
AV detection: 19 of 29 (65.52%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
  rar c0815089947a7382b8f6b779089197611f0869cd4724d250170b59e203373a9a (this sample)
  Delivery method: Distributed via e-mail attachment
  Dropping: AgentTesla

Comments