MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dfebf756031e6a361230293acf55d683c069da521b36f8bfc7b3c4a41b8d0a84. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dfebf756031e6a361230293acf55d683c069da521b36f8bfc7b3c4a41b8d0a84
SHA3-384 hash: 115ffc9fb26a2e8e9f81aa6f913c2494153286233f3c6d7b38f49fce97d00d8858b4f867ffacca2ca81c32d7becf0254
SHA1 hash: 9481fd097acae6f17a336ac0c238921ac1f73fa3
MD5 hash: 51168b0ad51cb3cf86ff29c5ee96e82e
humanhash: steak-zebra-football-aspen
File name:MT 103 - 000FLCDA200XXX.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:387'236 bytes
First seen:2020-11-22 15:31:41 UTC
Last seen:2020-11-22 16:19:54 UTC
File type: rar
MIME type:application/x-rar
ssdeep 6144:NTUfSCggbpkkX2egCgdA4Z4JVY5nrP8hsEWEPWZ8xl68c0GER650+BPVTV6oMqei:NTsWki5+Vlhs7Z8xl61ER60+BPGoMAz
TLSH 918423EDD252B2FBEBD8E11BDB8C4693864F2512EC3DB5E44C47784AB0C2C178609769
Reporter cocaman
Tags:AgentTesla rar


Avatar
cocaman
Malicious email (T1566.001)
From: "Franco Sforza <Franco.Sforza@tag-italia.net>" (likely spoofed)
Received: "from postfix-inbound-5.inbound.mailchannels.net (inbound-egress-6.mailchannels.net [199.10.31.238]) "
Date: "22 Nov 2020 04:20:44 -0800"
Subject: "Fw: Final Proforma Invoice"
Attachment: "MT 103 - 000FLCDA200XXX.rar"

Intelligence

File Origin
# of uploads :
2
# of downloads :
204
Origin country :
n/a
Vendor Threat Intelligence
Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dfebf756031e6a361230293acf55d683c069da521b36f8bfc7b3c4a41b8d0a84/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-11-19 02:09:01 UTC
File Type:
Binary (Archive)
Extracted files:
5
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=37v7ovqddzvdmerqfe5m6vowqpagtwssdm3prp6hwpckig4nbkca._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/dfebf756031e6a361230293acf55d683c069da521b36f8bfc7b3c4a41b8d0a84

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar dfebf756031e6a361230293acf55d683c069da521b36f8bfc7b3c4a41b8d0a84

(this sample)

AgentTesla

Executable exe 18ec601c567f4c05a0ea6b5c9a3a6f4d85569f046c2f56b4e75ade41bb41cdd7

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 18ec601c567f4c05a0ea6b5c9a3a6f4d85569f046c2f56b4e75ade41bb41cdd7
  
Dropping
AgentTesla

Comments