MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e3d2fbe1afcfdd726069b3c7f6913d4513976e7afcf8ce7b93fe852a5b60a00b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e3d2fbe1afcfdd726069b3c7f6913d4513976e7afcf8ce7b93fe852a5b60a00b
SHA3-384 hash: 5d0013c578c00849f0f56684c54fd8855f33298c2e0be7c2ab6d8b4850d5c5cf8b3d8debbc05591a47bbf1848ccc5afe
SHA1 hash: f807938283016b7d885c48ed4ab2b1f090f36824
MD5 hash: 7fd56807ced09e181ba31ea14357c8b9
humanhash: two-illinois-carolina-gee
File name:Invoice pdf.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:634'863 bytes
First seen:2023-08-03 06:42:33 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 12288:JS0Amxc1rcpV1mjN8INLW8fWcqwsTdn2WzZTQaQuZwwxT9ZN3RvkTmSA/n:U0fhCN8INLJWBNpn9ZTQavZ19ZN3Gq/
TLSH T1B3D4235D1F5E4B12C3BC12B09B6EFFA73F64A3F2222BE451902E06C4DD2990971ED429
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter cocaman
Tags:AgentTesla INVOICE z


Avatar
cocaman
Malicious email (T1566.001)
From: "Ashuila Maria<rud-division@alkuhaimi.com>" (likely spoofed)
Received: "from alkuhaimi.com (unknown [37.139.129.247]) "
Date: "3 Aug 2023 01:19:45 +0200"
Subject: "fwd: Proforma Invoice"
Attachment: "Invoice pdf.z"

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
CH CH
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:Invoice pdf.exe
File size:762'880 bytes
SHA256 hash: acedd97c8350bacc485e87ae56c851d08b497c202deb46df28c3e7218cb4469a
MD5 hash: 86a5e1ce056d4f26c7adeb72c820a344
MIME type:application/x-dosexec
Signature AgentTesla
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27342.RarHeur.v5.HideExt.UNOFFICIAL
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
masquerade packed
Link:
https://www.filescan.io/uploads/64cb4c78539838c2be5207ce/reports/6bb99a60-fa78-4fbe-8f84-9f2686ec2649/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/e3d2fbe1afcfdd726069b3c7f6913d4513976e7afcf8ce7b93fe852a5b60a00b
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e3d2fbe1afcfdd726069b3c7f6913d4513976e7afcf8ce7b93fe852a5b60a00b/
Threat name:
Win32.Spyware.Negasteal
Create hunting rule
Status:
Malicious
First seen:
2023-08-02 19:56:25 UTC
File Type:
Binary (Archive)
Extracted files:
16
AV detection:
26 of 36 (72.22%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4pjpxynpz7oxeydjwpd7nej5iujzo3t27t4m464t72csuw3auafq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z e3d2fbe1afcfdd726069b3c7f6913d4513976e7afcf8ce7b93fe852a5b60a00b

(this sample)

AgentTesla

Executable exe acedd97c8350bacc485e87ae56c851d08b497c202deb46df28c3e7218cb4469a

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 acedd97c8350bacc485e87ae56c851d08b497c202deb46df28c3e7218cb4469a
  
Dropping
AgentTesla

Comments