MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c78c86402c01c1ad3a52bf6597cd3105fc673642e020bb06e8e19422e51243aa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c78c86402c01c1ad3a52bf6597cd3105fc673642e020bb06e8e19422e51243aa
SHA3-384 hash: 94005b2f0b0e0a3b6a0ca95d37aabe22a62e0d6289821361876605295f83da2bb91483ea075b2f62f9d9eb737122a403
SHA1 hash: 6ce10485ea43a8f47524cb4469338c2907f648b1
MD5 hash: ecd3ba0f7f9ce655b539bc56a587fe2b
humanhash: social-tennis-montana-october
File name:Proforma Invoice.r00
Download: download sample
Signature AgentTesla
Create hunting rule
File size:635'355 bytes
First seen:2021-04-19 06:56:02 UTC
Last seen:2021-04-19 06:56:26 UTC
File type: r00
MIME type:application/x-rar
ssdeep 12288:ZY15oXrBJp/yvL3FiK0GKh29YHkXO82FD4B4R+okKpIPYMjITCFdy3Vw:W1OrBzavL3FiK0LgYExWNRWKPOITCFdF
TLSH CAD42323CEC07DA391903D9EB8F447398AD1DBCA1DE883A2C9FC98A3615476558C6FC5
Reporter cocaman
Tags:AgentTesla INVOICE r00


Avatar
cocaman
Malicious email (T1566.001)
From: "Finance Manager <sales@c-accts.info>" (likely spoofed)
Received: "from smtp-gw.fpcci.org.pk (smtp-gw.fpcci.org.pk [124.29.202.102]) "
Date: "Mon, 19 Apr 2021 07:26:23 +0100"
Subject: "Proforma Invoice"
Attachment: "Proforma Invoice.r00"

Intelligence

File Origin
# of uploads :
2
# of downloads :
102
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27502.Rar5Heur.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c78c86402c01c1ad3a52bf6597cd3105fc673642e020bb06e8e19422e51243aa/
Gathering data
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=y6gimqbmaha22ossx5szptjrax6gonsc4aqlwbxi4gkcfzisiova._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c78c86402c01c1ad3a52bf6597cd3105fc673642e020bb06e8e19422e51243aa

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r00 c78c86402c01c1ad3a52bf6597cd3105fc673642e020bb06e8e19422e51243aa

(this sample)

AgentTesla

Executable exe 75b5a3352b14a3d4a5dcbf496a997507edd6d5fdd641fdd37747f21ec6ae7efd

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 75b5a3352b14a3d4a5dcbf496a997507edd6d5fdd641fdd37747f21ec6ae7efd
  
Dropping
AgentTesla

Comments