MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 14653a1995c1e537b592e42c5803dcec697c83d752942dad20484016cff32cc9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 14653a1995c1e537b592e42c5803dcec697c83d752942dad20484016cff32cc9
SHA3-384 hash: 80f58c5920e0201748f631ffe8f9dd186edb9f8316b8f6354b490db4d89cfd579f1f9b91c68d621327729001314b2391
SHA1 hash: d8c3fb0fcfb63af829fedec8ba35e46f37798031
MD5 hash: ea9f6af88195846faf984b7da11577c6
humanhash: steak-mars-april-uniform
File name:NEW ORDER.PDF.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:377'000 bytes
First seen:2020-06-30 13:13:50 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:wx4tC/vLWMzHqGolShWjlaw3xOOHuHIaD7ekm31GIHmvbObI:JtwLWMzUlaFwhZHUIaDg3HOSI
TLSH A984234ABC34A67912DB891F2C7E389C936CEB71F8CC576329587636914588DDF2C2B0
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: zita.lobocom.es
Sending IP: 213.162.200.38
From: Kassem Ahmed <purchase@darwish-tdg.qa>
Reply-To: a.rehman@revo-moto.com
Subject: NEW ORDER #60152
Attachment: NEW ORDER.PDF.rar (contains "NEW ORDER.PDF.exe")

AgentTesla SMTP exfil server:
webmail.crafttechcuttingtools.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/14653a1995c1e537b592e42c5803dcec697c83d752942dad20484016cff32cc9/
Threat name:
ByteCode-MSIL.Backdoor.NanoCore
Create hunting rule
Status:
Malicious
First seen:
2020-06-30 13:15:08 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=crstugmvyhstpnms4qwfqa645ruxza6xkkkc3ljajbabnt7tfteq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 14653a1995c1e537b592e42c5803dcec697c83d752942dad20484016cff32cc9

(this sample)

AgentTesla

Executable exe 2645e6f05ce2c3ebfb5e928cfe3216d6da26dbe57c63113d70b8447b3fd21b5e

  
Dropping
MD5 23df4ba5477379f16cc8ddaa6c6b2687
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2645e6f05ce2c3ebfb5e928cfe3216d6da26dbe57c63113d70b8447b3fd21b5e

Comments