MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e411b668208ee3dd78c63631ae14d3a344d89e2e6c0584194490be9722e16b87. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e411b668208ee3dd78c63631ae14d3a344d89e2e6c0584194490be9722e16b87
SHA3-384 hash: 7ef653abdbac1de9ff6863fb591202d8298456a5ee0bfb2f12931a06efc468bf48d25406b6e531464d459f83928a7756
SHA1 hash: 7beaa61bc7052fdeddb34587f32e36c16ba3adf4
MD5 hash: 7d89cc96825b503c52114b22a3e3f8a3
humanhash: robin-kitten-table-spring
File name:Order.pdf.r04
Download: download sample
Signature AgentTesla
Create hunting rule
File size:567'449 bytes
First seen:2021-06-18 05:48:11 UTC
Last seen:Never
File type: r04
MIME type:application/x-rar
ssdeep 12288:F4fWm82xbfXmnAyRLlJLqh5DkGXQZ4FAsebwbj1TLbOC+IMh:obf/WH85jXQeafwbj1vt+IA
TLSH 0FC423F3D4DF16A9A6C70E15135FAF5D462EEAF50A8981E5AA08C643B75383C4322C73
Reporter cocaman
Tags:r04


Avatar
cocaman
Malicious email (T1566.001)
From: "valerie.lefevre@labomoderne.com" (likely spoofed)
Received: "from mailbe04.hoster.by (mailbe04.hoster.by [93.125.31.217]) "
Date: "17 Jun 2021 21:08:54 +0300"
Subject: "Re: Purchase Order"
Attachment: "Order.pdf.r04"

Intelligence

File Origin
# of uploads :
1
# of downloads :
105
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e411b668208ee3dd78c63631ae14d3a344d89e2e6c0584194490be9722e16b87/
Threat name:
Win32.Spyware.Negasteal
Create hunting rule
Status:
Malicious
First seen:
2021-06-17 18:31:13 UTC
File Type:
Binary (Archive)
Extracted files:
16
AV detection:
11 of 46 (23.91%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4qi3m2bar3r526gggyy24fgtuncnrhronqcyigkesc7joixbnodq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e411b668208ee3dd78c63631ae14d3a344d89e2e6c0584194490be9722e16b87

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r04 e411b668208ee3dd78c63631ae14d3a344d89e2e6c0584194490be9722e16b87

(this sample)

AgentTesla

Executable exe ed5763662cab2ac5ba8c629f7962bafce36798a1eb84c5859cf57a4c27b413ee

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ed5763662cab2ac5ba8c629f7962bafce36798a1eb84c5859cf57a4c27b413ee

Comments