MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f02105e4c477298b002128fadfacf7e66f0aa324ee2720652d4ed413039d672e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3



SHA256 hash: f02105e4c477298b002128fadfacf7e66f0aa324ee2720652d4ed413039d672e
SHA3-384 hash: 1ce8074466bfa800b6d23f586e158c210440ac210c412d698a8667714caa1836a5091d09e812f1ea8522cb995a6f221f
SHA1 hash: 5224a644e724f26477055896c77022749ec4ff8c
MD5 hash: 7a5319b3c30034d420f53bf94dee0578
humanhash: carolina-monkey-jupiter-kitten
File name: Bill of Lading_pdf.gz
Signature: AgentTesla
File size: 578'888 bytes
First seen: 2020-11-10 09:35:35 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 12288:Z8ueKb83uUTOpiAax3J+i9P3EslsdFN0TTrAPxs0/cmmZ:Z8+83u+y43o4P3xlsdFNUd0vy
TLSH: 11C4233A2536F6763CA3EA5EE416B6D086FC9984BC537F73545800AC1F6B29687B0E40
Reporter: cocaman
Tags: AgentTesla gz


cocaman
Malicious email (T1566.001)
From: "COSCO SHIPPING INC <support@coscoexpress.com>" (likely spoofed)
Received: "from svr01.soapmedia.co.uk (svr01.soapmedia.co.uk [83.223.113.93]) "
Date: "Tue, 10 Nov 2020 09:33:15 +0000"
Subject: "ORIGINAL B/L DOCUMENT / PL"
Attachment: "Bill of Lading_pdf.gz"

Intelligence

File Origin
# of uploads: 1
# of downloads: 82
Origin country: n/a

Vendor Threat Intelligence
Result: Gathering data
Threat name: Win32.Infostealer.Generic
Status: Suspicious
First seen: 2020-11-10 08:51:25 UTC
File Type: Binary (Archive)
Extracted files: 18
AV detection: 5 of 48 (10.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
gz f02105e4c477298b002128fadfacf7e66f0aa324ee2720652d4ed413039d672e (this sample)
Delivery method: Distributed via e-mail attachment
Dropping: AgentTesla

Comments