MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 385c6146f72e41cecd99e18bdfe42f5047d0467bb3ae4d724f69fa753fec2da2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 385c6146f72e41cecd99e18bdfe42f5047d0467bb3ae4d724f69fa753fec2da2
SHA3-384 hash: ca4a2a27c663ec4b11c0b56110d3af23c8a98621738a6794bc801b25642e2508af7eb083978c3c92b3debdd1d0b1880f
SHA1 hash: 15bf2798fda358bbe6db8163676afe4d62331ab5
MD5 hash: a5cfc0c41d1b3f6ac1a0ec1db8e6297b
humanhash: beryllium-lion-mexico-william
File name:Payment011738PDF.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:283'171 bytes
First seen:2020-06-16 11:40:43 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:4qqJuZz9+qpV+eO5VgNRyup4jp7eT+ggaKTMc5V5NHTy1Uy5:49un+SgeQyNnoaQHWGS
TLSH A254234C1308199EE64AE95CF0EE196F4C0874066480D27E1D297B5483A9BFF63DEACF
Reporter abuse_ch
Tags:7z AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.eben-ezer.es
Sending IP: 146.255.101.138
From: Serlingo Facility Services Management FINAL-01 <administracion@serlingo.es>
Reply-To: worldnetofficemailer@gmail.com
Subject: Payment_011738PDF
Attachment: Payment011738PDF.7z (contains "Order011738PDF.exe")

AgentTesla FTP exfil server:
ftp.bmdonline.ro:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.AgentTesla-7660762-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-06-16 11:42:06 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hbogcrxxfza45tmz4gf57zbpkbd5art3woxe24spnh5hkp7mfwra._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 385c6146f72e41cecd99e18bdfe42f5047d0467bb3ae4d724f69fa753fec2da2

(this sample)

AgentTesla

Executable exe 6cb59c403d44f189cc1fc19ade756c48496f7e1c2a1c981a86ae4ed78546174f

  
Dropping
MD5 dc59171acfa62d55376143740cdb1e31
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6cb59c403d44f189cc1fc19ade756c48496f7e1c2a1c981a86ae4ed78546174f

Comments