MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4a45fc3b44b9ae5a2e6d6dbd5ea2c7105ddd582c6c21ad3d397a5d28e48e6f35. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	4a45fc3b44b9ae5a2e6d6dbd5ea2c7105ddd582c6c21ad3d397a5d28e48e6f35
SHA3-384 hash:	7aa39dda7a8d51c0c27dc2df5b3db84c30bb692b726b041228c8fe4234c2876e5d045949e0254e297f47a55a60f59755
SHA1 hash:	9dc33529ca01bcb1f4f5f738db5277246be1e820
MD5 hash:	5aad21fa3f52eb1b0ea9c97e8f7ab750
humanhash:	september-red-cold-apart
File name:	Rar Returned Invoice details.zip
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	999'190 bytes
First seen:	2020-06-03 08:39:29 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	24576:bmK+p4df1ujbeMpfL6tVEGaFwgEtDQWjwkAIYAaNqiLDvkIh1CVbCO8rKU:bmKv4beQj6tSutcWj/YAaUajkSEehr5
TLSH	B5253307C25DB5AE37594260D7E924EF8837A2A1F1C8CD477A4B13F64DD8A45E2BC832
Reporter	abuse_ch
Tags:	AgentTesla zip

abuse_ch

Malspam distributing AgentTesla:

HELO: s111-ir-cpanel-trade.maindns.net
Sending IP: 185.165.116.18
From: Piyush Sakorikar <Piyush.hdfcbank@gmail.com>
Reply-To: Piyush.Sakorikar@hdfcbank.com
Subject: Re:Returned Bank Invoice
Attachment: Rar Returned Invoice details.zip (contains "Rar Returned Invoice details.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587