MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0dada1c07661439be0264e570d101c2d1d7a610e76c45547247f9b5033126d3e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 3


SHA256 hash: 0dada1c07661439be0264e570d101c2d1d7a610e76c45547247f9b5033126d3e
SHA3-384 hash: f9d57014e17e9974f7bd954ca1b49e713792188c3c0d8dd074c238955d8b3815a8b581745b0d1409c12588245088dd53
SHA1 hash: 628e49f9274000b6b7a014404aeec7663817d566
MD5 hash: 78acae84190accf942405e863e67f8bf
humanhash: autumn-whiskey-oscar-twelve
File name: Order Details 001.rar
Signature: AgentTesla
File size: 411'431 bytes
First seen: 2020-06-15 05:36:47 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:4nffamaM1ltwnJT/GKpv2cnOjo+HlSDL2byv6:4nqMztQjp7Q9d
TLSH: F29423DC91069F89AF4256E2AA708B51F3062AA037F6955BF4AD6F53408C4CF6F73C90
Reporter: abuse_ch
Tags: AgentTesla rar

abuse_ch
Malspam distributing AgentTesla:

HELO: innomediaindia.com
Sending IP: 62.113.215.209
From: Balkantex Ltd<info@innomediaindia.com>
Subject: Re:Quote
Attachment: Order Details 001.rar (contains "Order Details 001.exe")

AgentTesla SMTP exfil server:
mail.head2hire.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-06-15 05:38:08 UTC
AV detection: 12 of 48 (25.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
  AgentTesla
    rar 0dada1c07661439be0264e570d101c2d1d7a610e76c45547247f9b5033126d3e (this sample)
      Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment

Comments