MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c97ab03003b332f99d5616a0d75edb2ff912a4ba04e2881b8eabac4ac7f3b579. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: c97ab03003b332f99d5616a0d75edb2ff912a4ba04e2881b8eabac4ac7f3b579
SHA3-384 hash: 9b477d3a3eca613a8410600ce05acafd880e39ac825e0d572fb3bda3a78014d2b8ded163bab2e36e3eab8a422909147e
SHA1 hash: 9f72a3c7baee0ca10c960c6aa3de98d4dd7eb65c
MD5 hash: 95186a7a5af14f49bbffff80424a50c7
humanhash: fix-ack-magnesium-eight
File name: QUOTATION.XZ
Signature: AgentTesla
File size: 442'027 bytes
First seen: 2020-07-14 06:04:31 UTC
Last seen: Never
File type: xz
MIME type: application/x-rar
ssdeep: 12288:K3x7ax3nj7/z+XYCpKF4n6/u0DCGyZ4ci:K3x7ax3j7CXVpsf/vyZI
TLSH: EE9423924DA952AD38C4C163DD10D70CAF8DE326F1BB7620621CE34986CE7A69F90DF5
Reporter: cocaman
Tags: AgentTesla xz


cocaman
Malicious email
From: jason@sigasia.org
Received: from 142-4-22-49.unifiedlayer.com (142-4-22-49.unifiedlayer.com [142.4.22.49])
Date: Mon, 13 Jul 2020 18:36:12 -0600
Subject: RE:QUOTATION
Attachment: QUOTATION.XZ

Intelligence


File Origin
# of uploads: 1
# of downloads: 85
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-14 06:06:06 UTC
File Type: Binary (Archive)
Extracted files: 61
AV detection: 18 of 29 (62.07%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

xz c97ab03003b332f99d5616a0d75edb2ff912a4ba04e2881b8eabac4ac7f3b579

(this sample)

  
Delivery method: Distributed via e-mail attachment
Dropping: AgentTesla

Comments