MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d526dab9c080204906723ff1db7eb667463273ac6b9f4293370484b9980cbd13. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d526dab9c080204906723ff1db7eb667463273ac6b9f4293370484b9980cbd13
SHA3-384 hash: 7a5a8ebe6e9ed5cfd94b17b7676028f1d75081ce51a325914fe75b078823fec9fbcd535291efd834c3305e2ea595ed57
SHA1 hash: 0496d23b4edd5d88934a5431c3691dde964c529f
MD5 hash: 50ff3364a56f0deda9654332fbd4e01e
humanhash: river-solar-missouri-don
File name:Shipping document.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:303'888 bytes
First seen:2022-12-16 16:13:21 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:AhPQ3Zp8VbrJ7olS+MO/ap1UHMKoXlG8oGT6HmTfExDzD2mnIv:w28Rd7FOiftKU5TOmfu/Dfc
TLSH T1F95423165A081ABED433C9EECC4BB5BABE47600A645FC8743E423DE89500A1F761DA8D
TrID 58.3% (.RAR) RAR compressed archive (v-4.x) (7000/1)
41.6% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter cocaman
Tags:AgentTesla rar Shipping


Avatar
cocaman
Malicious email (T1566.001)
From: ""Vua Kem" <vuakem@vuakem.com>" (likely spoofed)
Received: "from vuakem.com (unknown [45.137.22.173]) "
Date: "10 Dec 2022 17:14:25 +0100"
Subject: "RE: SHIPPING DOC (CI,COO,PL,BL)"
Attachment: "Shipping document.rar"

Intelligence

File Origin
# of uploads :
1
# of downloads :
125
Origin country :
n/a
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:Shipping document.exe
File size:487'936 bytes
SHA256 hash: 5f2236ca0b43e80e806c02bf3d5c2a35f0b31d9f620b9bf19604d9e47bb3cd44
MD5 hash: d5ffd38af109fcb529f70d70e789be47
MIME type:application/x-dosexec
Signature AgentTesla
Vendor Threat Intelligence
Result
Verdict:
Unknown
File Type:
PE File
Link:
https://app.docguard.net/d526dab9c080204906723ff1db7eb667463273ac6b9f4293370484b9980cbd13/results/dashboard
Gathering data
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d526dab9c080204906723ff1db7eb667463273ac6b9f4293370484b9980cbd13/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-12-10 15:59:04 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
19 of 24 (79.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2utnvooaqaqesbtsh7y5w7vwm5dde45mnopufezxascltgamxujq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/d526dab9c080204906723ff1db7eb667463273ac6b9f4293370484b9980cbd13

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar d526dab9c080204906723ff1db7eb667463273ac6b9f4293370484b9980cbd13

(this sample)

AgentTesla

Executable exe 5f2236ca0b43e80e806c02bf3d5c2a35f0b31d9f620b9bf19604d9e47bb3cd44

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5f2236ca0b43e80e806c02bf3d5c2a35f0b31d9f620b9bf19604d9e47bb3cd44
  
Dropping
AgentTesla

Comments