MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ef0b56734c3dce438e8f0debd25b94d7185361f5e2b6c0244d16e427629a9294. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ef0b56734c3dce438e8f0debd25b94d7185361f5e2b6c0244d16e427629a9294
SHA3-384 hash: 6544acad794ad07c66517997ca5c2d05fc5445d875822a0bc3623e175981753f89768b8aba1d7cb9e625007355de3a87
SHA1 hash: 32a0cea362105fdc94c3cf0a1c2e1d75167633f1
MD5 hash: c32f47c34a6317933e4d2e6736b15260
humanhash: eleven-crazy-kansas-iowa
File name:purchase order 115589#.uue
Download: download sample
Signature AgentTesla
Create hunting rule
File size:951'744 bytes
First seen:2020-07-20 05:04:57 UTC
Last seen:2020-07-20 05:05:01 UTC
File type: uue
MIME type:application/x-rar
ssdeep 24576:KbUGmJpl8X0zhtOv0jQKimSfk4c3xtVuQkue/FavFxAgNqfG:KbUGApi2Ov0jQKim43c3fTkue/kIgMfG
TLSH C21533EF2362449389D6D4E71E7B9D28EFA6FF27D79C0CA6C4146642064B0F74BE4608
Reporter cocaman
Tags:AgentTesla uue


Avatar
cocaman
Malicious email
From: info@hooree.tk
Received: from slot0.hooree.tk (unknown [173.82.187.194])
Date: Mon, 20 Jul 2020 00:17:35 +0000
Subject: Re: Purchase order
Attachment: purchase order 115589#.uue

Intelligence

File Origin
# of uploads :
2
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ef0b56734c3dce438e8f0debd25b94d7185361f5e2b6c0244d16e427629a9294/
Threat name:
Win32.Infostealer.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-07-19 23:53:54 UTC
File Type:
Binary (Archive)
Extracted files:
9
AV detection:
20 of 48 (41.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=54fvm42mhxhehdupbxv5ew4u24mfgypv4k3majcnc3scoyu2skka._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ef0b56734c3dce438e8f0debd25b94d7185361f5e2b6c0244d16e427629a9294

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

uue ef0b56734c3dce438e8f0debd25b94d7185361f5e2b6c0244d16e427629a9294

(this sample)

AgentTesla

Executable exe 5653b1af20456384193f0f45cb4b6d20713a834e69d9491da3f8016779b10fc4

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5653b1af20456384193f0f45cb4b6d20713a834e69d9491da3f8016779b10fc4
  
Dropping
AgentTesla

Comments