MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1806f7ca0dbeae7ece5b91e3f0511b61e5d862f18ea02a6539a6ecd42520a343. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1806f7ca0dbeae7ece5b91e3f0511b61e5d862f18ea02a6539a6ecd42520a343
SHA3-384 hash: fc9a2b13ffabefff955a0f790aeac63c308d10dc8e3cfc9660397f4b89cf9105a36835251fad390fff52b55efe212637
SHA1 hash: cca7d1c22a4d55e59773c2f90b9940e47949d62d
MD5 hash: f26d25e8e48ddfcbcd77b2f4e8756f67
humanhash: equal-eighteen-south-fanta
File name:PO_ORDER_09072020_PDF.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:356'877 bytes
First seen:2020-07-09 18:43:49 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:F7Eg7oNdbCuJ9UGaaMhRQu2pSplNZ17eb2gDI6vQXMEoiqWfngy4eFVrJb0X:LoNVuaXSpbWbi6IktWfgn6FM
TLSH 747423E8011D83D1CD50EC16AF8A2656E6AED73B8772D34F3B087C07396B9664DB805B
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: vps.greatdense.xyz
Sending IP: 45.95.169.63
From: Nelson Hannah <info@greatdense.xyz>
Subject: RE: ORDER REQUEST
Attachment: PO_ORDER_09072020_PDF.rar (contains "SKMT_09072020_PDF.exe")

AgentTesla SMTP exfil server:
mail.karmarts.co.th:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27271.Rar5Heur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1806f7ca0dbeae7ece5b91e3f0511b61e5d862f18ea02a6539a6ecd42520a343/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-09 18:45:05 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=dadppsqnx2xh5ts3shr7aui3mhs5qyxrr2qcuzjzu3wnijjaunbq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 1806f7ca0dbeae7ece5b91e3f0511b61e5d862f18ea02a6539a6ecd42520a343

(this sample)

AgentTesla

Executable exe 3763c0bde1d8eb2943f3fbf10ce25d2360f1200993f28b3951522f9f455f8970

  
Dropping
MD5 36eb80897ad85742010328a1bd0a620d
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3763c0bde1d8eb2943f3fbf10ce25d2360f1200993f28b3951522f9f455f8970

Comments