MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 05cadae522e86ca2699a405d1c19093a8a2be218f36dd9b0f9059ade8b9da303. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 05cadae522e86ca2699a405d1c19093a8a2be218f36dd9b0f9059ade8b9da303
SHA3-384 hash: 26ed75fdc0a7a2c5f0adbdbbb072735baf28ec713cce25f186679dbb05a6daaac131ba864ae0dd2401455f84376ebc3a
SHA1 hash: 29b55aad24c29ca349873ae6fde4b789967bb8db
MD5 hash: 96260e3885687b807d180fc008914ae8
humanhash: white-table-paris-autumn
File name: scanned _55.pdf.arj
Signature: AgentTesla
File size: 520'710 bytes
First seen: 2020-07-29 11:17:29 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:tjJTNt8J2VBm2bza+COTk6o1Kj6E1X8Y5AqEWc:X8J2VBm5h11S8Ym9Wc
TLSH: 41B423CB65DDFA632D8DDE67726008F8701A5A5BE7FF0B5BE218B180ED12631B457021
Reporter: abuse_ch
Tags: AgentTesla arj


abuse_ch
Malspam distributing AgentTesla:

HELO: webmail.cyber.net.pk
Sending IP: 203.101.175.37
From: Richard <orscorp@cyber.net.pk>
Subject: General equipment and kit Replacement
Attachment: scanned _55.pdf.arj (contains "scanned _55#.pdf.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-29 11:19:07 UTC
AV detection: 26 of 48 (54.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla, zip 05cadae522e86ca2699a405d1c19093a8a2be218f36dd9b0f9059ade8b9da303 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments