MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e64c975d0b5edf4ee73444c8773ccc1959b534b15b423fc1576efaab0a9ff753. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: e64c975d0b5edf4ee73444c8773ccc1959b534b15b423fc1576efaab0a9ff753
SHA3-384 hash: d15f9ec4cc0804ce3378ad3ff311ad89215339a6aa1c42d9e39842db65f0ef0b8d825eaff99fb57aee0f47667a826a52
SHA1 hash: 561afcb1c181ff9f33cc95620e69f4cad2d85da2
MD5 hash: 5aec508a3bfb05062afbbb32736f22f0
humanhash: one-september-missouri-happy
File name: SOA.rar
Signature: AgentTesla
File size: 644'185 bytes
First seen: 2021-03-22 12:44:54 UTC
Last seen: 2021-03-22 12:45:36 UTC
File type: rar
MIME type: application/x-rar
ssdeep 12288:LxitCnSgm7ebcAuImzvJDUU9LfBZzV6Eh3vL9p03vt3oDdgofSj+fiBXr+l2ZGNe:LxitCnSb7ebcAuImDJU0V3vX03vhwgoW
TLSH 74D423FA91789AF5B9D5E0693DCB4908A0CD4F81F18D2209EF8168DF59CEEC49CE42D4
Reporter: cocaman
Tags: AgentTesla rar


cocaman
Malicious email (T1566.001)
From: "parashar<parashar.pael@pioneerindustries.org>" (likely spoofed)
Received: "from pioneerindustries.org (unknown [185.222.57.157]) "
Date: "22 Mar 2021 05:25:39 -0700"
Subject: "RE; STATEMENT OF ACCOUNT"
Attachment: "SOA.rar"

Intelligence


File Origin
# of uploads: 3
# of downloads: 113
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Woreflint
Status: Malicious
First seen: 2021-03-22 10:58:27 UTC
File Type: Binary (Archive)
Extracted files: 12
AV detection: 16 of 29 (55.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar e64c975d0b5edf4ee73444c8773ccc1959b534b15b423fc1576efaab0a9ff753

(this sample)

  
Delivery method: Distributed via e-mail attachment
Dropping: AgentTesla
