MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f75be9e2beae431cc3018c6429132bc469ca6f399c342f5f9e25e547524b1f69. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f75be9e2beae431cc3018c6429132bc469ca6f399c342f5f9e25e547524b1f69
SHA3-384 hash: 17f4af369bdfb1e89f8b03a2d977bafe4a927eea33837174a13b88c293e9e8a90812a0feb41a873626a89341a7b19d64
SHA1 hash: 7dfb3c18e1066eb7274409e69e825bf5fff3d432
MD5 hash: a834ad58455631fc2f507c736ce2557f
humanhash: uranus-zulu-crazy-lamp
File name:DHL_document1102202068090891.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:532'400 bytes
First seen:2021-03-12 15:50:38 UTC
Last seen:2021-03-15 07:57:06 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:+eEEzEXMpSFjfgexq3SHZjcum6hDcGMGQPRh6ba3AxbZu1jqZRMUrG:+ejEXTf+3Gcum6uTga3A3u1jqZLa
TLSH DDB4238E92B869CFDCD6019FF88751BC2CBFDD118076A26A7F9799280CD250DDE49D20
Reporter GovCERT_CH

Intelligence

File Origin
# of uploads :
2
# of downloads :
140
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.36492295.28629.11716.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f75be9e2beae431cc3018c6429132bc469ca6f399c342f5f9e25e547524b1f69/
Threat name:
ByteCode-MSIL.Trojan.Woreflint
Create hunting rule
Status:
Malicious
First seen:
2021-03-12 01:22:29 UTC
AV detection:
17 of 28 (60.71%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=65n6tyv6vzbrzqybrrscsezlyru4u3zztq2c6x46exsuousld5uq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f75be9e2beae431cc3018c6429132bc469ca6f399c342f5f9e25e547524b1f69

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip f75be9e2beae431cc3018c6429132bc469ca6f399c342f5f9e25e547524b1f69

(this sample)

AgentTesla

Executable exe 8c248038f6045835d77fe9f89698aafdc26a2644c89bc8cef54c13a9dceff4a2

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8c248038f6045835d77fe9f89698aafdc26a2644c89bc8cef54c13a9dceff4a2
  
Dropping
MD5 2bb75a79a205701c93773e1bbd5a8c49

Comments