MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1dac29b4cb640a8cfa2d62d78c2d4e4376c0e8d6d685e8ff571e0ae1f7333496. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1dac29b4cb640a8cfa2d62d78c2d4e4376c0e8d6d685e8ff571e0ae1f7333496
SHA3-384 hash: dc2842eae025ff8ecf7bb0b51c0d01644d2788a11b60b79d97671b537c6c6cc260974b9acb3b5afb9f38dd54a97d6dad
SHA1 hash: b7fb56e870de14db1ceed8620dd1ef4db2c6017d
MD5 hash: 5f8f764fd543ee00b07fb34eb9e4a4ee
humanhash: angel-solar-social-shade
File name:PAYMENT DETAILS.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:403'092 bytes
First seen:2020-06-26 11:31:46 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:DXco9WBXiMwvQc9CpXhAEnibBAfHqw/lDD/vGjCiyK9L5C/IHdj6RG71/w6pZLAu:7pkBXiMwvQc8DibMKwtf69Lc/cRWk/
TLSH 438423A7C62D68FB7DDA3E64C7643871E107B6F10154C84E24BAB2605497E78AD33E07
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: gmail.com
Sending IP: 103.99.1.149
From: AUGUSTA POLYMERS<augusta.polymer@gmail.com>
Subject: RE:COPY OF THE PAYMENT, 5635/-USD
Attachment: PAYMENT DETAILS.zip (contains "PAYMENT DETAILS.exe")

AgentTesla SMTP exfil server:
mail.pptoursperu.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Artemis2A46FD19BDA3.9064.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1dac29b4cb640a8cfa2d62d78c2d4e4376c0e8d6d685e8ff571e0ae1f7333496/
Threat name:
ByteCode-MSIL.Trojan.SchInject
Create hunting rule
Status:
Malicious
First seen:
2020-06-26 11:32:05 UTC
AV detection:
18 of 28 (64.29%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dwwctnglmqfiz6rnmllyylkoin3mb2gw22c6r72xdyfod5ztgsla._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 1dac29b4cb640a8cfa2d62d78c2d4e4376c0e8d6d685e8ff571e0ae1f7333496

(this sample)

AgentTesla

Executable exe e0c880cdc57688937efa0b5739acf00bf7dfa517c70b8a3d5c507c163fd82494

  
Dropping
MD5 49e9ba7dcb10089d7dce1650781110e1
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e0c880cdc57688937efa0b5739acf00bf7dfa517c70b8a3d5c507c163fd82494

Comments