MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d231662d8ae16796eb756ad15634456c866d48db0597df65d3041ac81b02fc70. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d231662d8ae16796eb756ad15634456c866d48db0597df65d3041ac81b02fc70
SHA3-384 hash: 42abf1fd66a1191dc7a72e583626a73f1db76dfaa322c6b87d68a362c59a1ddf0f32fc37426e5cd7ec142134aadc3f57
SHA1 hash: f506c81099f17c7d522255c6569b9d8247f17416
MD5 hash: 4e38fb1ad6e43e836d93e38871705d0d
humanhash: delta-jupiter-friend-mockingbird
File name:western union.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:274'542 bytes
First seen:2020-08-12 06:38:04 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:mM7OjXyUsWAimeqlmUs3UF2a4EPvilTXsqTMt0/MoyxZ9IbfB:mMmiU7Aimef/YboTXzTV1qZGbfB
TLSH 15442320644F3327FD21478F8F648B1671A4FDC20E066CA587129A8AF9DDF6AE1C95C6
Reporter abuse_ch
Tags:AgentTesla FRA geo Outlook rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: EUR06-AM7-obe.outbound.protection.outlook.com
Sending IP: 40.92.16.51
From: M. B/B12 <omo9ja2@hotmail.com>
Subject: les reçu
Attachment: western union.rar (contains "western union.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d231662d8ae16796eb756ad15634456c866d48db0597df65d3041ac81b02fc70/
Threat name:
ByteCode-MSIL.Trojan.Pretoria
Create hunting rule
Status:
Malicious
First seen:
2020-08-12 06:40:07 UTC
AV detection:
10 of 48 (20.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2iywmlmk4ftzn23vnlivmncfnsdg2sg3awl56zotaqnmqgyc7rya._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/d231662d8ae16796eb756ad15634456c866d48db0597df65d3041ac81b02fc70

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar d231662d8ae16796eb756ad15634456c866d48db0597df65d3041ac81b02fc70

(this sample)

AgentTesla

Executable exe dec081544348d7000fcbd9ee30c3854733dc8b56f808f5dae28a21050fce03a2

  
Dropping
MD5 93847b77be4e04987b33077434737d01
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 dec081544348d7000fcbd9ee30c3854733dc8b56f808f5dae28a21050fce03a2

Comments