MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1ec89994c133b82ec2bbac8df2d2d6a925c66ba062d27fd6d8f19979682e58cf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1ec89994c133b82ec2bbac8df2d2d6a925c66ba062d27fd6d8f19979682e58cf
SHA3-384 hash: e11ac91d361093eb93e30634339baaf8fbccbe164e82b7137506f2f3e2db32cb7ab90fd1a4ebde432aba7a33c17f65eb
SHA1 hash: 62a1a3f5af51681871297a3dfd03b0d3d53c073d
MD5 hash: 194511163e87d591c828961c3e754f93
humanhash: salami-april-delaware-blue
File name:PO20201606.arj
Download: download sample
Signature AgentTesla
Create hunting rule
File size:400'119 bytes
First seen:2020-06-16 05:39:08 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 6144:pHqJwziuwGFkWeO9rrfV4zILaC8/ejjPtSiHgsOJeiqAiS+fkyuYd+y8iCyKo/yA:pHqJGiuwVmdrf5NO2SEkyZ+kCZg9w25
TLSH 278423C6B707D402555385E2FF2C618B626F3BB82D71A9635FD0F0CEE9A698E075804B
Reporter abuse_ch
Tags:AgentTesla arj


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: ns.tokyoconsultinggroup.com
Sending IP: 211.1.230.102
From: ANIL KUMAR ARORA <vu.h.my@tokyoconsultinggroup.com>
Reply-To: kate.wang@aus-home.com
Subject: Attached Purchased Order
Attachment: PO20201606.arj (contains "PO20201606.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-16 05:41:02 UTC
AV detection:
17 of 29 (58.62%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=d3ejtfgbgo4c5qv3vsg7fuwwves4m25amljh7vwy6gmxs2boldhq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

arj 1ec89994c133b82ec2bbac8df2d2d6a925c66ba062d27fd6d8f19979682e58cf

(this sample)

AgentTesla

Executable exe ce3042a91e52973326599b1d3fb755d7bda08c62e7a8f201d54ef6e33a4d5655

  
Dropping
MD5 716b4eab6d0ae5755884643ce96b8b3c
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ce3042a91e52973326599b1d3fb755d7bda08c62e7a8f201d54ef6e33a4d5655

Comments