MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c8199c30edc544b24e479f396e0982337af82235cdb7b0e36c1a9e6e7bddc107. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c8199c30edc544b24e479f396e0982337af82235cdb7b0e36c1a9e6e7bddc107
SHA3-384 hash: 84962ea2df6f0dde0ec111aeb5f215496c457a4e4fb23970bb8df3c33f3da0d69826e20ce7c26cb6bc69de5a96fea12c
SHA1 hash: a10223dcc2bb2ddddcaf91fd9defb363401dba92
MD5 hash: fa80943e564c6bd196f31cc388e89222
humanhash: oklahoma-lima-romeo-undress
File name:bank debit.r00
Download: download sample
Signature AgentTesla
Create hunting rule
File size:634'430 bytes
First seen:2022-06-06 07:46:31 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 12288:y0IoTk5gATcoCVP/9lavENfuztReNssl/90EObmDQRVoEM89GmuBbSS4eH:y0IoILTwVPllkE9uzDeFBWE2gQRV48fS
TLSH T1C1D423477940321610236891A86CDC9BB9F6F973729E535B682CBC58964ABC7F3D2FC0
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter cocaman
Tags:AgentTesla INVOICE r00


Avatar
cocaman
Malicious email (T1566.001)
From: "<Jane Pollard> jane@catalystaccounting.com.au" (likely spoofed)
Received: "from catalystaccounting.com.au (unknown [45.137.22.110]) "
Date: "06 Jun 2022 02:55:55 +0200"
Subject: "The attached invoice has been paid in duplicate open the invoice.."
Attachment: "bank debit.r00"

Intelligence

File Origin
# of uploads :
1
# of downloads :
249
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c8199c30edc544b24e479f396e0982337af82235cdb7b0e36c1a9e6e7bddc107/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-06-05 23:49:34 UTC
File Type:
Binary (Archive)
Extracted files:
10
AV detection:
16 of 41 (39.02%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zamzymhnyvcletsht44w4cmcgn5pqirvzw33by3mdkpg4665yedq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.61
Link:
https://yomi.yoroi.company/submissions/c8199c30edc544b24e479f396e0982337af82235cdb7b0e36c1a9e6e7bddc107

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r00 c8199c30edc544b24e479f396e0982337af82235cdb7b0e36c1a9e6e7bddc107

(this sample)

AgentTesla

Executable exe 63cdda46a08c3038d94c60c3dd0ac398eb2d5b56568870bd4128b835a41d7c4d

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 63cdda46a08c3038d94c60c3dd0ac398eb2d5b56568870bd4128b835a41d7c4d
  
Dropping
MD5 b5fbf8ee3c25415a91dcf897ee20a98a

Comments