MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1d9f386459db24a603d40e1bc22505bab627c1a99c0ae7674c610c738e6db42a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1d9f386459db24a603d40e1bc22505bab627c1a99c0ae7674c610c738e6db42a
SHA3-384 hash: fef520257b6e42348d91adabe497acd998d35ea59e5cb1227f9e30850a5e19485a22960b2e9fd16fb69f5440479fbb3b
SHA1 hash: d5916c459e4c4bb5de93e66f4ab0ac8cea38d8dc
MD5 hash: 87b677891d8e2ab6c41a75acd8a99128
humanhash: thirteen-nevada-violet-dakota
File name:document.pdf.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'051'309 bytes
First seen:2020-06-02 07:18:37 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 24576:1eJDRYZIt60QtjcxgFHkNnmN2VI+yXbkbJDaL3mkxRChkA76:wDRBtqjcxWkri+yrkbJDu2k77
TLSH 282533FB23762A921F0F81A653F87D95B220498C79D82E7718051107F8F62564C7FABB
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: interserve-me.com
Sending IP: 156.96.58.98
From: Hakkim.N <Hakkim.Nazarud@interserve-me.com>
Reply-To: Hakkim.Nazarud@interserve-me.com
Subject: Please reply ASAP_URGENT.
Attachment: document.pdf.gz (contains "document.pdf.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 07:36:41 UTC
File Type:
Binary (Archive)
Extracted files:
29
AV detection:
17 of 48 (35.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=dwptqzcz3mskma6ubyn4ejifxk3cpqnjtqfooz2mmeghhdtnwqva._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 1d9f386459db24a603d40e1bc22505bab627c1a99c0ae7674c610c738e6db42a

(this sample)

AgentTesla

Executable exe bc54652c9d21400491931b5276d788d60857f782af994de788d7506913fcf0ee

  
Dropping
MD5 0abe94643f4b630da13fea048fb22c0a
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 bc54652c9d21400491931b5276d788d60857f782af994de788d7506913fcf0ee

Comments