MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 40a48007e9bc524140d372814fcd7e03cbb2edd0689d03b4efe91aeefe7b7acd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 40a48007e9bc524140d372814fcd7e03cbb2edd0689d03b4efe91aeefe7b7acd
SHA3-384 hash: ef7d85d5c2f95afa4fb9014fd4bb968cbfdc18c811299db996e374f0fdc16a7409e7956a546e05db702ed65c4813a155
SHA1 hash: cf133f9a3a49567f3591734b250839043bd7d31d
MD5 hash: 17a7442de0c8ba25ceb7aaeb4a0c6610
humanhash: charlie-november-apart-saturn
File name:POs 097663899 NEW ORDER.r.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:373'611 bytes
First seen:2020-06-30 13:36:24 UTC
Last seen:2020-07-01 02:02:37 UTC
File type: rar
MIME type:application/x-rar
ssdeep 6144:6iI1fZxuzBMuxanE1lL+94nmsfSjzqUfrn5scJfysAyEIb35aMFAsIkkCZAu2er9:KffuTxZ1J+94msafqUVscJfnms5aMibs
TLSH E08423BB36F2B0298080C4C74EBBAE31F35A5078348A7BB4D55F5081691E7D1E78679B
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: pluscargoecuador.com
Sending IP: 103.99.1.149
From: Nishant Rajeev<grace.vaca@pluscargoecuador.com>
Subject: PO - RFQ # 097663899 NEW ORDER
Attachment: POs 097663899 NEW ORDER.r.rar (contains "POs 097663899 NEW ORDER.r.exe")

AgentTesla SMTP exfil server:
mail.parshavayealborz.com:587

Intelligence

File Origin
# of uploads :
2
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/40a48007e9bc524140d372814fcd7e03cbb2edd0689d03b4efe91aeefe7b7acd/
Threat name:
ByteCode-MSIL.Spyware.Negasteal
Create hunting rule
Status:
Malicious
First seen:
2020-06-30 13:38:05 UTC
AV detection:
18 of 31 (58.06%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=icsiab7jxrjecqgtokau7tl6apf3f3oqncoqhnhp5eno57t3plgq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 40a48007e9bc524140d372814fcd7e03cbb2edd0689d03b4efe91aeefe7b7acd

(this sample)

AgentTesla

Executable exe eea3d6de7952101ff57da6f48ea85ecdbaf71bf5027d0d20478021d842a21101

  
Dropping
MD5 610a2a3c8ff25649bb8d64f028d657fe
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 eea3d6de7952101ff57da6f48ea85ecdbaf71bf5027d0d20478021d842a21101

Comments