MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 04b5c846758159f3c1f4cda6a3cea354c26ba05648c52eb42a850ff5bb25d71a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 04b5c846758159f3c1f4cda6a3cea354c26ba05648c52eb42a850ff5bb25d71a
SHA3-384 hash: 225c03397181b7b353101beb0ff01700ece9880d714fa1442820fd74828fc9bf7d2d4642a50f8acd101c0d8d662e7fce
SHA1 hash: 5fcf1c1c9717373e4c171e78e84a8e2564a32edc
MD5 hash: 5313225965dcfa97b6d3e6767eb37f30
humanhash: idaho-shade-fix-apart
File name:PO TTL-0540720..rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:668'283 bytes
First seen:2020-07-21 05:53:08 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:JkbJRhBAlUFqgRvK9wxItR24FwmJGXhHfuGbz33KMCvhm3eZW:JkPkaFLvK9WGR1wWYhum33KMCot
TLSH 62E4236F121B499D20E8B18E5B894DB6E3D2798F220F684B399816FF4D4E5841F4C1BB
Reporter abuse_ch
Tags:AgentTesla Endurance rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: gproxy2-pub.mail.unifiedlayer.com
Sending IP: 69.89.18.3
From: Jalamrut Distribution India, Inc. <engg1@jalamrut.com>
Subject: PO# TTL-0540720.
Attachment: PO TTL-0540720..rar (contains "PO# TTL-0540720..exe")

AgentTesla SMTP exfil server:
mail.misrnour.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27121.RarHeur.NoDP.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27363.Rar5Heur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/04b5c846758159f3c1f4cda6a3cea354c26ba05648c52eb42a850ff5bb25d71a/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-21 05:55:05 UTC
AV detection:
13 of 29 (44.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=as24qrtvqfm7hqpuzwtkhtvdktbgxicwjdcs5nbkquh7lozf24na._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/04b5c846758159f3c1f4cda6a3cea354c26ba05648c52eb42a850ff5bb25d71a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 04b5c846758159f3c1f4cda6a3cea354c26ba05648c52eb42a850ff5bb25d71a

(this sample)

AgentTesla

Executable exe 0ac85112e36bb5ebd5c69bfd6d1f11371bbca41c281bd9d664c5f6952b81aca8

  
Dropping
MD5 42e1fe94ff4febda031f64c7ec43f03d
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0ac85112e36bb5ebd5c69bfd6d1f11371bbca41c281bd9d664c5f6952b81aca8

Comments