MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f1270ce895ff157fdf1831ce5bf58142b2f3dc9ed85bcb54ebe9f48a9b9e76e1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f1270ce895ff157fdf1831ce5bf58142b2f3dc9ed85bcb54ebe9f48a9b9e76e1
SHA3-384 hash: 54457fee6256eea5e66bbadd211b3ca74bef3c6e92be081d00554ab5a615c4ac690f77eb3fcecbbc16dca18cf010c620
SHA1 hash: e4e032fac79978f249fe99fbf5c3c5ac85ec2085
MD5 hash: 991901b931ea1a26704e62e50adfdf79
humanhash: delta-golf-carbon-video
File name:DOCUMENT.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:378'337 bytes
First seen:2022-12-16 16:45:34 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:/1rZEaXm46QZondlYSodfShlrjraMg6CC+SEiYDkzNl0EFa+56fp3xo0REyTHkte:/1VEa2jdlUhShlPraMCC+bDkgDfpKYE4
TLSH T105842394F1D4116F79ED00262C41EF2A975AF2953D5C8E85CC07EB7B8622BAA30D29F4
TrID 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter cocaman
Tags:AgentTesla Shipping zip


Avatar
cocaman
Malicious email (T1566.001)
From: "ashwini.oak@sumashilp.com" (likely spoofed)
Received: "from sumashilp.com (unknown [45.137.22.173]) "
Date: "11 Dec 2022 07:59:52 +0100"
Subject: "RE:SHIPPING DOC (CI,COO,PL,BL)"
Attachment: "DOCUMENT.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
119
Origin country :
n/a
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:DOCUMENT.exe
File size:487'936 bytes
SHA256 hash: fe5734f6621e30a2686219f31e5ebcca7e7851e8a572baf1463551de0d72d4ea
MD5 hash: fcbf2c7ad881fc73845f1b228662bbfe
MIME type:application/x-dosexec
Signature AgentTesla
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_fs2906.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Trojan.PWS.Siggen3.24982.12376.22854.UNOFFICIAL
Create hunting rule

Result
Verdict:
Unknown
File Type:
PE File
Link:
https://app.docguard.net/f1270ce895ff157fdf1831ce5bf58142b2f3dc9ed85bcb54ebe9f48a9b9e76e1/results/dashboard
Gathering data
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/f1270ce895ff157fdf1831ce5bf58142b2f3dc9ed85bcb54ebe9f48a9b9e76e1
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f1270ce895ff157fdf1831ce5bf58142b2f3dc9ed85bcb54ebe9f48a9b9e76e1/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-12-11 09:04:48 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
16 of 40 (40.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6etqz2ev74kx7xyyghhfx5mbikzphxe63bn4wvhl5h2ivg46o3qq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/f1270ce895ff157fdf1831ce5bf58142b2f3dc9ed85bcb54ebe9f48a9b9e76e1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip f1270ce895ff157fdf1831ce5bf58142b2f3dc9ed85bcb54ebe9f48a9b9e76e1

(this sample)

AgentTesla

Executable exe fe5734f6621e30a2686219f31e5ebcca7e7851e8a572baf1463551de0d72d4ea

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 fe5734f6621e30a2686219f31e5ebcca7e7851e8a572baf1463551de0d72d4ea
  
Dropping
AgentTesla

Comments