MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 281b8412dd44fe114ec512bd3c66dcf8afe75750d3fb009215862df4a1438540. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 281b8412dd44fe114ec512bd3c66dcf8afe75750d3fb009215862df4a1438540
SHA3-384 hash: 0886584461ce74311a2b2fe250b49e83ce947543c65812a78a670ca8fe83e74da72c55bd21e4ebe2f9d271bf3e4e5031
SHA1 hash: 4ba81e17ac6211f9dd0b8514156a21646a40bace
MD5 hash: dd731bd1e83e955b8ce126b8ba49dc0a
humanhash: stairway-harry-william-july
File name: PO63738_PDF.cab
Signature: AgentTesla
File size: 283'277 bytes
First seen: 2020-06-30 05:30:34 UTC
Last seen: Never
File type: cab
MIME type: application/vnd.ms-cab-compressed
ssdeep: 6144:pFgzFMQkqy5AMpcmSkHIpJ/hjEFHeaFSJMlWLol1sR0DEfDgi:AG5OkHIp1kHRSJcsR0DGgi
TLSH: 5A5423473D8B54C6CE010CAA1A16CED91F21BCDE45178275E72583F898E8C6DFE4B7A2
Reporter: @abuse_ch
Tags: AgentTesla cab


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: hwsrv-745738.hostwindsdns.com
Sending IP: 192.236.195.11
From: Chien B <hiep@dongtaycorp.vn>
Subject: Purchase Order.PDF SCR
Attachment: PO63738_PDF.cab (contains "PO#63738_PDF.SCR")

AgentTesla SMTP exfil server:
vps.medicproduction.gq:587

AgentTesla SMTP exfil email address:
receive@medicproduction.gq

Intelligence


Mail intelligence
Trap location       Impact
Global              High
IT (Italy)          Low
NL (Netherlands)    Low

# of uploads: 1
# of downloads: 30
Origin country: FR
ClamAV: SecuriteInfo.com.Trojan.GenericKD.34093416.25763.5344.UNOFFICIAL
CERT.PL MWDB Detection: n/a
Link: https://mwdb.cert.pl/sample/281b8412dd44fe114ec512bd3c66dcf8afe75750d3fb009215862df4a1438540/
ReversingLabs: Status: Malicious
Threat name: ByteCode-MSIL.Trojan.Agensla
First seen: 2020-06-30 01:23:00 UTC
AV detection: 16 of 30 (53.33%)
Threat level: 2/5
Spamhaus Hash Blocklist: Malicious file
VirusTotal: 24.19%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
cab 281b8412dd44fe114ec512bd3c66dcf8afe75750d3fb009215862df4a1438540 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments