MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1bed813152610ab3b65553e9cbd43ba93dfd6eb97af3f1374b61dd7a014155a8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 1bed813152610ab3b65553e9cbd43ba93dfd6eb97af3f1374b61dd7a014155a8
SHA3-384 hash: c97d3fc4119cf4da508764d04443b0d55b8704a906be3e1344593e5185a838de745315389e9bf527cd6dd1cfe9f2583c
SHA1 hash: 5c0e4bd7c5f12af240f10efc440e83983c5861f3
MD5 hash: af63bf9801de1f622696661ac0f767d4
humanhash: social-steak-hamper-december
File name: Overdue invoices.rar
Signature: AgentTesla
File size: 983'711 bytes
First seen: 2020-06-11 06:27:04 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 24576:/TvtakkHHKF8D9sv1Mx6GK7DgNn3UWGdd6UdlN/k:/Tvta/HKWD2mK7D0n6vU
TLSH: 742533E6EF91FF221A02D7471914CB871249A98A5D4C7AE3CDD786E370E6492CC7078E
Reporter: abuse_ch
Tags: AgentTesla rar


abuse_ch
Malspam distributing AgentTesla:

HELO: server02.hostngon.vn
Sending IP: 203.162.238.30
From: info@interaduaneira.com.br
Subject: Fwd: Supply invoices / Overdue invoices
Attachment: Overdue invoices.rar (contains "OVERDUE INVOICE.exe")

AgentTesla SMTP exfil server:
mail.shamdew.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Predator
Status: Malicious
First seen: 2020-06-11 06:29:05 UTC
AV detection: 20 of 31 (64.52%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    rar 1bed813152610ab3b65553e9cbd43ba93dfd6eb97af3f1374b61dd7a014155a8 (this sample)
      Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment
