MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4b5aed68397bf606ffec5ddd12e03c21ad332aa851cf5df746d3067cfc9e7ff9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4b5aed68397bf606ffec5ddd12e03c21ad332aa851cf5df746d3067cfc9e7ff9
SHA3-384 hash: 9190e05e5f831939d7bae0cc0d412110073f2b5391113ec1ccabee42fe9c4a4d2ec415ce65858d531e1ba1a5d1608c76
SHA1 hash: 67f1cb3b6bdb8cb047d73bbb7f7a8bc666bdac59
MD5 hash: 2f2c7da2ca90458763ba41e1911206ea
humanhash: chicken-london-cola-asparagus
File name:new_order_xls.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'829'679 bytes
First seen:2020-05-05 10:58:11 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 49152:w+BqvlJu4HcQ0ALm4Ztpg/FWRhy5AEEz2Mj2FzUt:1MvlqCWonyXyiFwt
TLSH 668533C0C3C257A4DD907970A509CE08EA26ABF199A9DB7A5F0910DB09D798FF3CB351
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: pro152-51.mxout.rediffmailpro.com
Sending IP: 119.252.152.33
From: Ashish Ardhapurkar <ashish.ardhapurkar@apras.co.in>
Subject: NEW ORDER
Attachment: new_order_xls.gz (contains "new order xls.exe")

AgentTesla SMTP exfil server:
mail.emailscrapebox.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Nanocore
Create hunting rule
Status:
Malicious
First seen:
2020-05-05 11:36:54 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
14 of 31 (45.16%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jnno22bzpp3an77mlxorfyb4egwtgkvikhhv352g2mdhz7e6p74q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 4b5aed68397bf606ffec5ddd12e03c21ad332aa851cf5df746d3067cfc9e7ff9

(this sample)

AgentTesla

Executable exe 25713dac1c6cb3444ccdb4439510b4e396fd217fcd6a5d1c3d40b48ae2716616

  
Dropping
MD5 60826b549c1baaa5f34d192d54aa91f2
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 25713dac1c6cb3444ccdb4439510b4e396fd217fcd6a5d1c3d40b48ae2716616

Comments