MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 164009aaada32ead9f274870d12de1e02574b526ca5fde6a916b3e547b4cb878. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 164009aaada32ead9f274870d12de1e02574b526ca5fde6a916b3e547b4cb878
SHA3-384 hash: 74314c092f39d85bf395dfa785ed5ae9909370cfd989e4d63d02304b2de25cd2c512af8b75049b832e67b51e897f0d55
SHA1 hash: 66668e057579ee77593264bcda4fbb1258667176
MD5 hash: 76f0b190e48f60d121c25f101cdfef55
humanhash: leopard-louisiana-twenty-island
File name:MONOHYDRATE_DEXTROSE.r11
Download: download sample
Signature AgentTesla
Create hunting rule
File size:440'919 bytes
First seen:2020-05-27 18:13:53 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:nrQglONtnZXG0iOYoGYOmUlY/v0EZvt5gurEp4VtQrFBf:/oNbXGcYozOTCpt5gurc4Vt6FBf
TLSH 7D942312EE22020E9E736E66BAFBA1740A217017FC391D17FB453A5736F142037B1E5A
Reporter abuse_ch
Tags:AgentTesla r11


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: relaymail.ingenosya.mg
Sending IP: 5.189.167.183
From: Tropical Premier Foods <info@yeshue.vn>
Reply-To: info@yeshue.vn
Subject: New Order // DEXTROSE MONOHYDRATE (TAPIOCA)
Attachment: MONOHYDRATE_DEXTROSE.r11 (contains "(MONOHYDRATE)_DEXTROSE.exe")

AgentTesla SMTP exfil server:
smtp.desmaindian.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 18:37:10 UTC
AV detection:
18 of 48 (37.50%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 164009aaada32ead9f274870d12de1e02574b526ca5fde6a916b3e547b4cb878

(this sample)

AgentTesla

Executable exe 2a5bd7caeaccf48e74d98cf4df37e72402bc6695a1ac9143e2986c76b6ac2b7a

  
Dropping
MD5 f244de1cf4784ad518548b53e5411eb9
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2a5bd7caeaccf48e74d98cf4df37e72402bc6695a1ac9143e2986c76b6ac2b7a

Comments