MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fc812f21b3b1ce41b8c888ecac3c2193f96978b6b636038da8544dd051345516. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 5



SHA256 hash: fc812f21b3b1ce41b8c888ecac3c2193f96978b6b636038da8544dd051345516
SHA3-384 hash: 7f24bf2bbc79d5fa5efd93315e761837af84d28f9edfca993eb9e903103d03377b911f55d61f613912f0f7497eed4fd1
SHA1 hash: 27fd60e3cfb2ec6149196f7f309a0e1bbeb30310
MD5 hash: 2a15d961c413c4e06b225e3ef4a63f87
humanhash: zebra-early-friend-five
File name: TT Payment for Shenzen Lancer------PO-TZI-1804------------01042021.zip.zip
Signature: AgentTesla
File size: 518'736 bytes
First seen: 2021-04-02 10:52:36 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:6i6HIvV2JzzQgyeTPEiYW9FBJPdo0/wLdezmAu/LO:6vH+VxgyeTPETEFDPCEwRezmAujO
TLSH: 38B423A5371312081F8F493B326FF98CB5D1C2B2275C8F4AF1425E53D95367AA42869F
Reporter: GovCERT_CH
Tags: AgentTesla

Intelligence


File Origin
# of uploads: 1
# of downloads: 140
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.GenericML
Status: Malicious
First seen: 2021-04-02 03:45:05 UTC
AV detection: 5 of 45 (11.11%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip fc812f21b3b1ce41b8c888ecac3c2193f96978b6b636038da8544dd051345516 (this sample)

Dropped by: AgentTesla
Delivery method: Distributed via e-mail attachment
