MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 12cbeceaa6c711ba43a35c78ad0d1be857425d87c72d12e4afd30f42f89a4418. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 12cbeceaa6c711ba43a35c78ad0d1be857425d87c72d12e4afd30f42f89a4418
SHA3-384 hash: 3ef73e14589485915bd37e5a16fd361b02c0cba52bcd41f7a915767756a5487f191826be80365671a3514e1e24d41f0b
SHA1 hash: da4945b83aa7d794873a646f0afd789db95e92b8
MD5 hash: 81eb51c77fb2ba61cca0ee1e6433e5c8
humanhash: beryllium-nebraska-stairway-avocado
File name:Invoice no 104.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:400'298 bytes
First seen:2020-06-29 05:43:49 UTC
Last seen:2020-06-29 13:41:28 UTC
File type: rar
MIME type:application/x-rar
ssdeep 6144:pCfYcqOmcw9pl8AS3+Q706fKQyNxl3Ud7LzeNVp8CgA9/X/yA26jRGwNy5hEZ:1c3aplMP706fNIkd7LqDLgAXqAAwNKhw
TLSH AF84235ABAD77C5F3A630E7C9D26B52735EAB086B9A24CC70328C5CBC024E2D55537A0
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: ifgl.in
Sending IP: 103.99.1.170
From: Vishal Khodiyar<planning.kandla@ifgl.in>
Subject: RE: Invoice no 104 for Shipping Bill
Attachment: Invoice no 104.rar (contains "Invoice no 104.exe")

AgentTesla SMTP exfil server:
mail.mytecheng.com:587

Intelligence

File Origin
# of uploads :
3
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/12cbeceaa6c711ba43a35c78ad0d1be857425d87c72d12e4afd30f42f89a4418/
Threat name:
ByteCode-MSIL.Spyware.Negasteal
Create hunting rule
Status:
Malicious
First seen:
2020-06-29 05:45:05 UTC
AV detection:
16 of 28 (57.14%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=clf6z2vgy4i3uq5dlr4k2di35bluexmhy4wrfzfp2mhuf6e2iqma._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 12cbeceaa6c711ba43a35c78ad0d1be857425d87c72d12e4afd30f42f89a4418

(this sample)

AgentTesla

Executable exe 85845a6b331fd32dbb1ce10d0299f7973775589c7506f2ddc2185c88997c6432

  
Dropping
MD5 da7233ed552ff4c79c775d35d99f7c31
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 85845a6b331fd32dbb1ce10d0299f7973775589c7506f2ddc2185c88997c6432

Comments