MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb3d90923bd59d5661d1205d5175ccc02dd402e6928aca599b849425c54753dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: fb3d90923bd59d5661d1205d5175ccc02dd402e6928aca599b849425c54753dd
SHA3-384 hash: cbe9c9ff838367596986693548e05177d79b10a0ff6e96543f370c0f1a1a0e2c46c7b1ceac27f9edafd01ce505f3caf4
SHA1 hash: 40f46b73266be8a09efcdbdfe06dc57d841e5d25
MD5 hash: d0c5f0d31592f1bcd68e9aff89acfe0a
humanhash: triple-uncle-music-ohio
File name: WBKO011007.rar
Signature: AgentTesla
File size: 472'962 bytes
First seen: 2020-12-03 07:35:38 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:Kz+VphOrzEZ/24/MbyaCipSgLqZvI2PauYRBWO:ECO4/2CO1LqLauEBWO
TLSH: 01A423D358176CDF40B8989F2256D46EF852F784E40096BA473FBBA49F631C24ABC847
Reporter: cocaman
Tags: AgentTesla, rar


cocaman
Malicious email (T1566.001)
From: "Hemanth Karthick<docs@lom-logistics.com>" (likely spoofed)
Received: "from lom-logistics.com (unknown [103.99.1.174]) "
Date: "2 Dec 2020 22:40:46 -0800"
Subject: "RE: (FINAL DOCS) RE: PRE-ALERT / CHENNAI ( Shipper:DONGWA AND CO.,LTD/HANDS CORPORATION/CONSIGNEE:ROCKMAN INDUSTRIES LTD, HBL NO:WBKO011007,/WBKO011008/MBL NO:380010208048)ETD:10.11.2020/ ETA:29.11.2020/TERMS:FOB / LCL"
Attachment: "WBKO011007.rar"

Intelligence


File Origin
# of uploads: 1
# of downloads: 113
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-12-03 07:36:07 UTC
File Type: Binary (Archive)
Extracted files: 32
AV detection: 13 of 29 (44.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar fb3d90923bd59d5661d1205d5175ccc02dd402e6928aca599b849425c54753dd (this sample)

  
Delivery method: Distributed via e-mail attachment
Dropping: AgentTesla
