MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d9fb674eb6b5cbeb6155a9e2dea89f64bf234d81e0f082b0431b8c7f246a8f3f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	d9fb674eb6b5cbeb6155a9e2dea89f64bf234d81e0f082b0431b8c7f246a8f3f
SHA3-384 hash:	7813584c4c10e65e514817dfb1ae8f22b566e97874e60a5ddc54a9fe14492b3e1b980486eb521cb8bc4d6a9a75e6f1f4
SHA1 hash:	8d40cd56a7ffa98dd1f152b3e3f8c9c0c0d196b1
MD5 hash:	06cfe8c9bba926e98c3fc541f062e89d
humanhash:	cola-west-king-golf
File name:	loader.ps1
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	607 bytes
First seen:	2021-02-09 10:34:23 UTC
Last seen:	2021-02-09 14:54:50 UTC
File type:	ps1
MIME type:	text/plain
ssdeep	12:tOdd55n2imh61/cOFdAsZggd3pm9ifjjkOj9GgxdOZ9y5PmBQN6W+eSida9+6spn:tAU6COFdAgg2EKjjvMgmZcZmaN6WAiks
Threatray	2'508 similar samples on MalwareBazaar
TLSH	88F0DD21DD8EE180454233A258DFCB05E8A853924392FD427A60DA73F09A6AC82E89A0
Reporter	JAMESWT_WT
Tags:	AgentTesla Loader ps1

Intelligence

File Origin

# of uploads :

2

# of downloads :

198

Origin country :

n/a

Vendor Threat Intelligence

Result

Verdict:

UNKNOWN

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d9fb674eb6b5cbeb6155a9e2dea89f64bf234d81e0f082b0431b8c7f246a8f3f/

Threat name:

Script-PowerShell.Downloader.Heuristic

Status:

Malicious

First seen:

2021-02-09 10:35:07 UTC

File Type:

Text

AV detection:

2 of 48 (4.17%)

Threat level:

2/5

Verdict:

malicious

Label(s):

agenttesla

Similar samples:

00f5c6bba9ef3a6af2ae5195c89e46529744e9cf4eabe9d1d8959a068970b93a

11984c9c8d7bfe34b27fd41ea7f08f7b97923a8c4cf0316138d34bd90cb1a38a

144c28f64d5e23966923a2a0c779286494f27b3fba1ccde62731d861d7852461

4afc70d7e08f66f587fd37ce1848989853a7405435e92a3d25652781dec66348

5a3f9d251d83e67be84a067e354a950596478b1fc2cd6d6d1cbb07f6ca57b557

74c2f8176fadf84bb04083901d52033b0975245676b45cd8607d80bebc91e570

7cd9cc024ac14877dd66ec64c36fd9b6cfb3a731aa90afaf04a99b790f1fefae

a261898485667823b47ab6885b0cd8c16d126bc0f1671dd7aeb9b675aa01aff0

c21d2f1d2c5dad844ee2c789b2a424f0808e9eaf4edbf4319dca34531aacbe2c

e694eadb2f24bf7de44a2cc1d1fbc3d2e84d83d6cac2be444aef377bea95cc29

+ 2'498 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/d9fb674eb6b5cbeb6155a9e2dea89f64bf234d81e0f082b0431b8c7f246a8f3f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample