MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d948e2e5b7923679b32213880208686393e5900de3fd81d292a11eaa79cd90cf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d948e2e5b7923679b32213880208686393e5900de3fd81d292a11eaa79cd90cf
SHA3-384 hash: 98b21fdbc6956f38a15631d103dfbfefa505a14a79204604ee2f0359a1446a742fc05a68a2e9dc188ec210ebf40b3fda
SHA1 hash: 4484647fc1cf7e42a40f68b7ab04f960391081b2
MD5 hash: 8d86c96a7c5fc4396a0af3636251758b
humanhash: yankee-asparagus-oranges-juliet
File name:Pro-forma_invoice9122022.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:330'846 bytes
First seen:2022-12-16 14:47:44 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:ivr9Lb5IHXwl0vXZl/takuaEOlWXyK1ar53ha5+XxS0PQr7DtN8eoCuObr2I51qF:ivr9L1xoZ1buv2WCt3k5DF7n85bG2I52
TLSH T1B564236E50F58E299FB8C9F85D2C1573DD2EC6B012A91ABFA60F05B855BDF1C7240AC0
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter cocaman
Tags:AgentTesla INVOICE rar


Avatar
cocaman
Malicious email (T1566.001)
From: "Chirag Goel<info@wajihcontracting.com>" (likely spoofed)
Received: "from wajihcontracting.com (unknown [45.137.22.89]) "
Date: "09 Dec 2022 16:00:02 +0100"
Subject: "Pro-Forma Invoice / B/L # MAW-287927 // Geofluid Processors // 69817455 / DASM 3082"
Attachment: "Pro-forma_invoice9122022.rar"

Intelligence

File Origin
# of uploads :
1
# of downloads :
129
Origin country :
n/a
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:Pro-forma_invoice9122022.exe
File size:465'920 bytes
SHA256 hash: b67c389fc71d512caba10e28fb950648a2971e42581698e1191f7583da2b8309
MD5 hash: 9c9543736a245130d2219c23d8e96394
MIME type:application/x-dosexec
Signature AgentTesla
Vendor Threat Intelligence
Result
Verdict:
Unknown
File Type:
PE File
Link:
https://app.docguard.net/d948e2e5b7923679b32213880208686393e5900de3fd81d292a11eaa79cd90cf/results/dashboard
Gathering data
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d948e2e5b7923679b32213880208686393e5900de3fd81d292a11eaa79cd90cf/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-12-09 17:12:39 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
25 of 41 (60.98%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3feofznxsi3htmzccoeaecdimoj6lean4p6yduusuepku6onsdhq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/d948e2e5b7923679b32213880208686393e5900de3fd81d292a11eaa79cd90cf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar d948e2e5b7923679b32213880208686393e5900de3fd81d292a11eaa79cd90cf

(this sample)

AgentTesla

Executable exe b67c389fc71d512caba10e28fb950648a2971e42581698e1191f7583da2b8309

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b67c389fc71d512caba10e28fb950648a2971e42581698e1191f7583da2b8309
  
Dropping
AgentTesla

Comments