MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 03dd9a5f37cef2c357b6b0a24fba2b5de8bffebb127ae2e6d85791df081c84e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3



SHA256 hash: 03dd9a5f37cef2c357b6b0a24fba2b5de8bffebb127ae2e6d85791df081c84e5
SHA3-384 hash: dcda58ae4e681c841338711f2c29038e4ad079c922c529a72da3dc777c2791e035a921b21fc03dbc4215acac75451b29
SHA1 hash: c4f302837156e3272d565674475e158fc0de7c38
MD5 hash: d53a9ad859e7ee98445a7af7c659feff
humanhash: stairway-kentucky-low-purple
File name: Order__Food Additive.r11
Signature: AgentTesla
File size: 466'245 bytes
First seen: 2020-06-04 06:16:20 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:K0Psr72qOnSDdfgspkBzEF0Vc8SXRHQLABGvZzOP8eCV4iAwH9AR6b:m2vSBLkQ0y8wLUFcg99
TLSH: D0A4231387C94BEDCF70B45AE2BAE90B6436E6105AC3D4C72F999F4BFBC511C1A50819
Reporter: abuse_ch
Tags: AgentTesla r11
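The sample is a RAR archive delivered under the extension .r11, which is the naming scheme of old-style split RAR volumes (.rar, .r00, .r01, ...): WinRAR opens any of them, so an attachment filter that only keys on ".rar" lets it through. The following is an added example, not code from MalwareBazaar, that triages an attachment the way a mail gateway or IR script would: it identifies the container from magic bytes rather than the filename, flags the volume-extension trick, and matches the file's digests against the hashes listed in this entry. Only the IOC values are taken from the page; the function names, the finding labels and the attachment bytes are assumptions of the example (the bytes are a constructed RAR5 header, not the real sample, so the hash check does not fire on them). ssdeep and TLSH comparison would need third-party bindings and is left out.

```python
import hashlib
import re

# IOCs copied from this MalwareBazaar entry (the only values in this block
# that come from the page).
IOCS = {
    "sha256": "03dd9a5f37cef2c357b6b0a24fba2b5de8bffebb127ae2e6d85791df081c84e5",
    "sha1": "c4f302837156e3272d565674475e158fc0de7c38",
    "md5": "d53a9ad859e7ee98445a7af7c659feff",
    "sha3_384": "dcda58ae4e681c841338711f2c29038e4ad079c922c529a72da3dc777c2791e035a921b21fc03dbc4215acac75451b29",
}

# Leading bytes of the container formats worth recognising in mail attachments.
MAGIC = [
    (b"Rar!\x1a\x07\x01\x00", "rar5"),
    (b"Rar!\x1a\x07\x00", "rar4"),
    (b"PK\x03\x04", "zip"),
    (b"7z\xbc\xaf\x27\x1c", "7z"),
    (b"MZ", "pe"),
]

# Old-style split RAR volumes are named .rar, .r00, .r01, ... .r99.
RAR_VOLUME_RE = re.compile(r"\.(rar|r\d\d)$", re.IGNORECASE)


def identify_container(data: bytes) -> str:
    """Classify the blob from its magic bytes, ignoring the filename entirely."""
    for sig, name in MAGIC:
        if data.startswith(sig):
            return name
    return "unknown"


def is_rar_volume_name(filename: str) -> bool:
    return RAR_VOLUME_RE.search(filename) is not None


def hash_bytes(data: bytes) -> dict:
    """The four digests MalwareBazaar lists for a sample."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def match_iocs(hashes: dict, iocs: dict = IOCS) -> list:
    """Names of the algorithms whose digest equals the known-bad value."""
    return [algo for algo, value in hashes.items()
            if iocs.get(algo, "").lower() == value.lower()]


def triage_attachment(filename: str, data: bytes) -> dict:
    """Combine name, magic and hash checks into a list of finding labels."""
    container = identify_container(data)
    findings = []
    if is_rar_volume_name(filename):
        findings.append("rar-volume-extension")
    if container in ("rar4", "rar5") and not filename.lower().endswith(".rar"):
        findings.append("rar-magic-under-other-extension")
    hits = match_iocs(hash_bytes(data))
    if hits:
        findings.append("known-bad-hash:" + ",".join(sorted(hits)))
    return {"container": container, "findings": findings}


if __name__ == "__main__":
    # Constructed stand-in for the attachment: RAR5 magic plus filler.
    fake = b"Rar!\x1a\x07\x01\x00" + b"\x00" * 64
    print(triage_attachment("Order__Food Additive.r11", fake))
```

Run it against the real file and the hash check fires on all four digests; the magic check is the one that still works once the attacker recompresses the payload and the hashes no longer match.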


abuse_ch
Malspam distributing AgentTesla:

HELO: server40.a2zcreatorz.com
Sending IP: 72.18.130.169
From: Jan-Patrik Schlesinger <j.schlesinger@tuchel-sohn.com> <sales@belbev.asia>
Reply-To: sales@belbev.asia
Subject: Offer Request: FOOD ADDITIVES//GMP/ISO/ HACCP Standard
Attachment: Order__Food Additive.r11 (contains "Order__Food Additive.exe")

AgentTesla SMTP exfil server:
smtp.desmaindian.com:587
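The headers abuse_ch lists show the usual malspam tells: a From header carrying two addresses (one inside the display name, one as the real mailbox, on different domains), a HELO host unrelated to either, and a RAR volume as the attachment. The block below is an added example, not code from MalwareBazaar or abuse_ch, that parses a constructed copy of such a message with Python's standard email module and emits those findings. The header values are the ones from the note; the recipient, body, MIME boundary, attachment bytes, function names and finding labels are invented for the example. The HELO check is a weak signal on its own (legitimate mail is often relayed by a third-party provider), which is why it is one finding among several rather than a verdict.

```python
import base64
import email
import re

# Constructed RAR5 header plus filler, not the real attachment.
FAKE_RAR = b"Rar!\x1a\x07\x01\x00" + b"\x00" * 24

# Constructed message modelled on the abuse_ch note.
RAW_MAIL = """\
Received: from server40.a2zcreatorz.com ([72.18.130.169]) by mx.example.invalid
From: Jan-Patrik Schlesinger <j.schlesinger@tuchel-sohn.com> <sales@belbev.asia>
Reply-To: sales@belbev.asia
To: purchasing@example.invalid
Subject: Offer Request: FOOD ADDITIVES//GMP/ISO/ HACCP Standard
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached order.
--b1
Content-Type: application/x-rar; name="Order__Food Additive.r11"
Content-Disposition: attachment; filename="Order__Food Additive.r11"
Content-Transfer-Encoding: base64

{payload}
--b1--
""".format(payload=base64.b64encode(FAKE_RAR).decode())

ADDR_RE = re.compile(r"[\w.+-]+@((?:[\w-]+\.)+[\w-]+)")
HELO_RE = re.compile(r"^from\s+(\S+)\s+\(\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\)")
RAR_VOLUME_RE = re.compile(r"\.(rar|r\d\d)$", re.IGNORECASE)


def domains_in(value):
    """Every mail domain that appears anywhere in a header value."""
    return [m.group(1).lower() for m in ADDR_RE.finditer(value or "")]


def triage_mail(raw: str) -> dict:
    msg = email.message_from_string(raw)   # default compat32 policy: raw header strings
    findings = []

    # A From header that contains addresses on more than one domain is the
    # display-name spoof seen in this campaign.
    from_domains = domains_in(msg.get("From"))
    if len(set(from_domains)) > 1:
        findings.append("from-header-mixed-domains")

    # Reply-To pointing somewhere other than any From domain.
    reply_domains = domains_in(msg.get("Reply-To"))
    if reply_domains and not set(reply_domains) <= set(from_domains):
        findings.append("reply-to-domain-mismatch")

    # HELO host from the first Received header versus the From domains.
    helo, sending_ip = None, None
    m = HELO_RE.match(msg.get("Received") or "")
    if m:
        helo, sending_ip = m.group(1).lower(), m.group(2)
        if not any(helo == d or helo.endswith("." + d) for d in from_domains):
            findings.append("helo-from-domain-mismatch")

    # Attachment names in the split-RAR family (.rar, .r00 ... .r99).
    attachments = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        attachments.append(name)
        if RAR_VOLUME_RE.search(name):
            findings.append("rar-volume-attachment")

    return {
        "helo": helo,
        "sending_ip": sending_ip,
        "from_domains": from_domains,
        "attachments": attachments,
        "findings": findings,
    }


if __name__ == "__main__":
    print(triage_mail(RAW_MAIL))
```

The sending IP and HELO host are returned alongside the findings so they can be matched against the values in the note, and the exfiltration server smtp.desmaindian.com:587 is the corresponding network IOC to watch for in outbound connections from endpoints that are not mail servers.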

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-06-04 06:37:19 UTC
AV detection: 21 of 48 (43.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery chain:
  Malspam
    -> rar 03dd9a5f37cef2c357b6b0a24fba2b5de8bffebb127ae2e6d85791df081c84e5 (this sample, AgentTesla)
    -> dropping AgentTesla

Delivery method: Distributed via e-mail attachment

Comments