MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 405071f4c92f593a584f83287d163c1aae5c72cf0811543711947e33c51b0356. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 405071f4c92f593a584f83287d163c1aae5c72cf0811543711947e33c51b0356
SHA3-384 hash: 3733bbab50d165468e51594b8bd1852bf3518365f68af85a77f7840d544b22f90fc96a4fcb4292641735b8f161c2658f
SHA1 hash: 83b574908297066160311d2ff856437a19b6cf75
MD5 hash: 2d628ae342162306fd736f98f0ac0b3b
humanhash: bacon-washington-double-fifteen
File name:Bank Details.r01
Download: download sample
Signature AgentTesla
Create hunting rule
File size:966'075 bytes
First seen:2020-05-13 10:01:11 UTC
Last seen:Never
File type: r01
MIME type:application/x-rar
ssdeep 24576:Z3yftHtzR6FPS6j7gRLz6PYmEFiRvX68ro:ZcBtzR2FMLG/EFOX68ro
TLSH DA2533D5BFAB92934A98C4592D81098909EB2C877B4DEF00F36FB104B2853F93554BB6
Reporter abuse_ch
Tags:AgentTesla r01


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: servernew.ideaminetech.com
Sending IP: 172.104.42.45
From: Essam Arafa <chairma@engine.aoi.org.eg>
Reply-To: newtonmunnene14@gmail.com
Subject: RE: Payment Authorization Copy
Attachment: Bank Details.r01 (contains "Bank Details.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 21:11:06 UTC
File Type:
Binary (Archive)
Extracted files:
12
AV detection:
20 of 48 (41.67%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ibihd5gjf5mtuwcpqmuh2fr4dkxfy4wpbaivinyrsr7dhri3anla._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r01 405071f4c92f593a584f83287d163c1aae5c72cf0811543711947e33c51b0356

(this sample)

AgentTesla

Executable exe f27357769e88135e1c6e8931638d380df6cb1f1053321f0efe1025a946a29091

  
Dropping
MD5 14ffeff17b6cf7fdafe90159699335a7
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f27357769e88135e1c6e8931638d380df6cb1f1053321f0efe1025a946a29091

Comments