MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d0f49a33c9fcca9de2e07d7031776b7c3bf199251853e0ce8b470b1244490b8b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: d0f49a33c9fcca9de2e07d7031776b7c3bf199251853e0ce8b470b1244490b8b
SHA3-384 hash: cadcbbbe7320137971922beb178a7d33c5e09d2673fce4558a013a1a2997faaece8bca43e6b765233e32a5a73961c22b
SHA1 hash: 461fcc35ddd3b8c0f88ec970a5823e2d66500829
MD5 hash: ad1660b2aa88ff5c0192657ad9792d81
humanhash: violet-hot-beer-hamper
File name: HBL-COPY.eml.zip
Signature: AgentTesla
File size: 787'849 bytes
First seen: 2020-11-04 10:36:43 UTC
Last seen: 2020-11-04 20:06:02 UTC
File type: zip
MIME type: application/zip
ssdeep 12288:G9zFOq9SHeSgcteKv23uUgI2TLSYTKeOHFQfrka8UyHiksRsvBM3mjwfnlT4/7VM:G9BOq9pmPulgf6SOlQDO3iIBTwFYVRq
TLSH 05F433D916D68C14BDD84EAA1731D73A5FB177822E0952FF2CA93327D1C7A035A623C8
Reporter: GovCERT_CH
Tags: AgentTesla

Intelligence


File Origin
# of uploads: 24
# of downloads: 71
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Spyware.Noon
Status: Malicious
First seen: 2020-11-03 23:51:03 UTC
AV detection: 19 of 29 (65.52%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip d0f49a33c9fcca9de2e07d7031776b7c3bf199251853e0ce8b470b1244490b8b

(this sample)

  
Dropped by: AgentTesla
Delivery method: Distributed via e-mail attachment
