MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 00451cebdcd0083c01f8fb09f62046185ee1546d314455d1f7471f692056485f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 00451cebdcd0083c01f8fb09f62046185ee1546d314455d1f7471f692056485f
SHA3-384 hash: c2a099da754d39808b2686af75348be4bd88225ca3fee650d65038139f0073007cb3c20e4d2eb13e082be9e811a3182d
SHA1 hash: 0b510b1931a39c7aff986822bba30aadd5075234
MD5 hash: 2b6b1ab2d9761ef3ad1474fa7570040a
humanhash: mike-march-lemon-oregon
File name:PO _RSs NP872.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:458'655 bytes
First seen:2020-08-18 13:21:45 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:9mRYcWqUBfq5UIc3f9HnHzl2cLBymWov9p5q5jeYMwWGy:Gn9/ef9HHZL2Sp5qAYNWr
TLSH 52A42398246B7AF5A79B124E82271C26A15F78372CF6C7991E23879B3050FFDD0A105B
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mx.skywaytechnics.com
Sending IP: 165.232.52.222
From: obd@skywaytechnics.com
Subject: RE: PO : RSs & NP872
Attachment: PO _RSs NP872.rar (contains "PO _RSs & NP872.exe")

AgentTesla SMTP exfil server:
smtp.agodtech.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/00451cebdcd0083c01f8fb09f62046185ee1546d314455d1f7471f692056485f/
Threat name:
ByteCode-MSIL.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-08-18 04:36:15 UTC
AV detection:
18 of 48 (37.50%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=abcrz2642aedyapy7me7micgdbpocvdngfcflupxi4pwsicwjbpq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AgentTesla
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/00451cebdcd0083c01f8fb09f62046185ee1546d314455d1f7471f692056485f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 00451cebdcd0083c01f8fb09f62046185ee1546d314455d1f7471f692056485f

(this sample)

AgentTesla

Executable exe 4001c29c7050e6a54bdcd2a200b6e73a8d59e9e27b12ed24871393195ccd19f3

  
Dropping
MD5 c0a6f89ed8bcd5c2fd16b13c775cd4b1
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4001c29c7050e6a54bdcd2a200b6e73a8d59e9e27b12ed24871393195ccd19f3

Comments