MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e5123b24fb0504e77f75f40f00478fad5e339a937c482080a3d733962312d400. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



XpertRAT


Vendor detections: 4



SHA256 hash: e5123b24fb0504e77f75f40f00478fad5e339a937c482080a3d733962312d400
SHA3-384 hash: 5b31efc70173f8b70c88dda11dea404c6cf864b792c8153cd0420064e3e82107175cc0ca1992db82321fcde47d98e462
SHA1 hash: 677922a846fdd52522f8f36da15f09c893d6b4c3
MD5 hash: 1c4d2f2a314eb5f9465e6ff58e6d6bfa
humanhash: william-mountain-virginia-don
File name: C202000000164556_pdf.gz
Signature: XpertRAT
File size: 675'891 bytes
First seen: 2020-10-23 11:38:41 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 12288:rs64XWz6XCSjCx1ZY6u6/2CBS0qt6jzS3ZrJSgpENzkpIG0:AfXhXSxwwfSqjz00ZApIj
TLSH: 98E433B3DBECB968C606C6AB82D9DC9DDA4787508B3CF5A49914391760E4C224FD43D3
Reporter: abuse_ch
Tags: gz RAT XpertRAT


abuse_ch
Malspam distributing XpertRAT:

HELO: 32490AF.online-server.cloud
Sending IP: 82.223.103.239
From: Maria Grazia <g.seminario@las-srl.it>
Subject: RV: YOUR INVOICE REQUEST
Attachment: C202000000164556_pdf.gz (contains "C202000000164556_pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 106
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-10-23 09:47:27 UTC
AV detection: 20 of 27 (74.07%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

XpertRAT

gz e5123b24fb0504e77f75f40f00478fad5e339a937c482080a3d733962312d400

(this sample)

  
Dropping: XpertRAT
Delivery method: Distributed via e-mail attachment
