MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb12c91bc0dc5763fb90901122ad44310b5198342173baa6f7072ea241aed63c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fb12c91bc0dc5763fb90901122ad44310b5198342173baa6f7072ea241aed63c
SHA3-384 hash: d464a1b7018f27bd8c25bf9d9a65e0def9c7ca0b0fda63feb785535bfea186ffb6393af3721004440c72c9d038e8994d
SHA1 hash: 9686bd6499da6b7b1793b3d2dd2bef2b77823e79
MD5 hash: d8c9ea229db9ecc5c23296290219d9aa
humanhash: beer-bacon-red-lima
File name:LIST OF PRODUCTS NEEDED.pdf.rar.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:389'751 bytes
First seen:2020-11-19 06:43:45 UTC
Last seen:2020-11-20 00:18:06 UTC
File type: zip
MIME type:application/zip
ssdeep 6144:htgq5dGVltJ4oL1EyrGN3QSVnOTzxcF6+xDcwZmRTTLHOxQDdMie/jMRhUhS:kq5dklD4oL1EoQx+zxcseDWT3ux3/YRr
TLSH B68423F2FE314FB06C95600F836A57D2481CDAE5428AC6DDE1FC8937855E291ECCC99A
Reporter cocaman
Tags:zip


Avatar
cocaman
Malicious email (T1566.001)
From: ""Ben"<redessociales@acciona.com>" (likely spoofed)
Received: "from acciona.com (unknown [103.145.252.171]) "
Date: "18 Nov 2020 14:11:17 -0800"
Subject: "RE: URGENT REQUEST FOR QUOTATION AND PROFORMA INVOICE"
Attachment: "LIST OF PRODUCTS NEEDED.pdf.rar.zip"

Intelligence

File Origin
# of uploads :
4
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_rar.UNOFFICIAL
Create hunting rule

Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fb12c91bc0dc5763fb90901122ad44310b5198342173baa6f7072ea241aed63c/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-11-19 02:40:47 UTC
File Type:
Binary (Archive)
Extracted files:
5
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7mjmsg6a3rlwh64qsaisflkegefvdgbuefz3vjxxa4xkeqno2y6a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip fb12c91bc0dc5763fb90901122ad44310b5198342173baa6f7072ea241aed63c

(this sample)

AgentTesla

Executable exe 16dff524e764f19be7a7851841235ef4406b22866e500ca592b678c55fd70bf5

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 16dff524e764f19be7a7851841235ef4406b22866e500ca592b678c55fd70bf5

Comments