MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1758585455553ddd83a8fca9e503873f493f31b79a0aaf14aa11ea97a659cf71. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1758585455553ddd83a8fca9e503873f493f31b79a0aaf14aa11ea97a659cf71
SHA3-384 hash: f0828a088570788e21e52ef5ce34469aa6e81452f10e7ade2a62266905fc72777cbab8c9ba658c5d36a3a1b797e62a1a
SHA1 hash: 9334f7b34792b4fad16a42063a8951afd72a5d40
MD5 hash: 3a04ad3a022739bffe8c54ab181cb239
humanhash: oklahoma-cardinal-tennessee-may
File name:Shipping Document PLBL Draft.r00
Download: download sample
Signature AgentTesla
Create hunting rule
File size:223'147 bytes
First seen:2020-06-30 12:09:58 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 6144:CxU5+cQFFvPuDY1EkZD2qowzAH1eR/Tk10:WvjvPufkZD2jVH1K1
TLSH C52423A5331800E1AD2C936296ACB5F64BF7E231D68DCF09C7C73B9E25E92541D7A01E
Reporter abuse_ch
Tags:AgentTesla r00 TNT


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: cloudhost-433832.uk-south-2.nxcli.net
Sending IP: 165.84.219.136
From: TNT EXPRESS <service@tnt.com>
Subject: Consignment Notification: You have A Package With Us
Attachment: Shipping Document PLBL Draft.r00 (contains "Shipping Document PL&BL Draft.exe")

AgentTesla SMTP exfil server:
mail.flood-protection.org:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1758585455553ddd83a8fca9e503873f493f31b79a0aaf14aa11ea97a659cf71/
Threat name:
ByteCode-MSIL.Trojan.Bluteal
Create hunting rule
Status:
Malicious
First seen:
2020-06-30 12:11:08 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=c5mfqvcvku653a5i7su6ka4hh5et6mnxtifk6ffkchvjpjszz5yq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r00 1758585455553ddd83a8fca9e503873f493f31b79a0aaf14aa11ea97a659cf71

(this sample)

AgentTesla

Executable exe d476a544163ada2f782fea0b457a59f167825b5d7a0be161400070d919543f54

  
Dropping
MD5 4c3f776751b7ead0c297f8f55e341958
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d476a544163ada2f782fea0b457a59f167825b5d7a0be161400070d919543f54

Comments