MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 177d84c9b719edf79146e0c9db216375751c400596a5f1491a2f2b0e9e25a214. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 177d84c9b719edf79146e0c9db216375751c400596a5f1491a2f2b0e9e25a214
SHA3-384 hash: c1c71b4b889e591e5f1a2eacbacc37b4cf0bed66474e9f593e0a66a3c433e39852bcb0ba22e7df6590b12c778ead94ff
SHA1 hash: 882c9dfa5d9531fec34d9a315ab1e2083bf795d8
MD5 hash: e59d6395b6382341363ac177a17bc8c1
humanhash: moon-batman-oregon-butter
File name:1120-3378-AWB.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:936'861 bytes
First seen:2020-06-18 06:11:57 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 24576:PxWEkBQE9QBFPOD6K3d6i8MwbYq6ZF+4KH9haG:5WEkBQ+qPOD62616ZwyG
TLSH 3A1533EFA0110C4B8F09B6CF1F64969858E91BF74E369F3B0021F5FAA0E64865F6509D
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: host.medioscorp.com
Sending IP: 67.222.145.115
From: Customer Service <d.evaggeliou@shortsea.gr>
Subject: Shipping Details PO# 12052020
Attachment: 1120-3378-AWB.rar (contains "1120-3378-AWB.exe")

AgentTesla SMTP exfil server:
mail.edaraproperty.net:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Predator
Create hunting rule
Status:
Malicious
First seen:
2020-06-18 06:13:08 UTC
AV detection:
18 of 31 (58.06%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=c56yjsnxdhw7pekg4de5wildov2ryqafs2s7csi2f4vq5hrfuika._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 177d84c9b719edf79146e0c9db216375751c400596a5f1491a2f2b0e9e25a214

(this sample)

AgentTesla

Executable exe a91a2b8234a4b5a0fcd701970e05a01d153cd65ff27ed7e35fe603e3a59eaa40

  
Dropping
MD5 fd23513eaf9fcb99845b6b518fafa080
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a91a2b8234a4b5a0fcd701970e05a01d153cd65ff27ed7e35fe603e3a59eaa40

Comments