MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ce8d49635f9e0c71258c4a622e77a09c21ee37ac8c3992157f099c8ce3a1585a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 4



SHA256 hash: ce8d49635f9e0c71258c4a622e77a09c21ee37ac8c3992157f099c8ce3a1585a
SHA3-384 hash: 3568b7d4a08d248f16b07070648764534ef3f0a35a08071119efb732c112dd8478137be8c01eb92d20ca555199a57044
SHA1 hash: 3d2dc647ff980aaf45ece1467b36f1abb4d8df33
MD5 hash: 61c1b8eff316d643caaab8b8c33d2f33
humanhash: stream-two-iowa-chicken
File name: LC swift.r00
Signature: AgentTesla
File size: 649'183 bytes
First seen: 2021-04-20 05:55:05 UTC
Last seen: 2021-04-20 06:12:41 UTC
File type: r00
MIME type: application/x-rar
ssdeep: 12288:zl8xft06nT4Pp3VURuf81PyfAkMeneOcT+/Y0G59fBf2mN2L:zl8xf1nT4PQuf4KeOcypyfBfHO
TLSH: 59D4232714EBE4C750BCBFB01CF115BFA63A93255C49E79760B52F4379BA21B2232824
Reporter: cocaman
Tags: AgentTesla INVOICE r00 SWIFT


cocaman
Malicious email (T1566.001)
From: "revonda@calendarcompany.com" (likely spoofed)
Received: "from postfix-inbound-4.inbound.mailchannels.net (inbound-egress-6.mailchannels.net [199.10.31.238]) "
Date: "19 Apr 2021 21:34:59 -0700"
Subject: "FW: Attached file of LC swift against Proforma Invoice - PI21-06 DT.22.03.2021 Valued - $28,694.57"
Attachment: "LC swift.r00"

Intelligence


File Origin
# of uploads: 3
# of downloads: 87
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    r00 ce8d49635f9e0c71258c4a622e77a09c21ee37ac8c3992157f099c8ce3a1585a (this sample)

Delivery method: Distributed via e-mail attachment
Dropping: AgentTesla
