MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4f0088a886aaa996f084420ba091b9e29f5df2096646b2f4bf8bfcec781397d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4f0088a886aaa996f084420ba091b9e29f5df2096646b2f4bf8bfcec781397d6
SHA3-384 hash: 494a4fe097ee4aa6dcbd9a815474cd0610989a14ad211e12c1e2102b48657173f17bf80d333b3199d4d87aa07ac41ede
SHA1 hash: 77dadc425d7651fefb9771e62e8d519d1091562c
MD5 hash: df34f75b6401e6e2b31c86d920ec5efd
humanhash: london-grey-hotel-autumn
File name:Work-OrderUTM Machine.PDF.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:387'378 bytes
First seen:2020-06-11 06:12:01 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:pmm0kl1eQVERI6ePnPgYR+B71wvTfwJmDgONK8DDufohbNWhngWRcxpn8LvA+:N0QewERI6ePgFziYJmbRDufYMexavA+
TLSH 8B842333180C221594B91D1EAD05B83E91DA139F79B70B2EC0E3E906BCC78F6DA75B59
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mahavirsteel.com
Sending IP: 103.99.1.173
From: Meenal Chavan<purchase@mahavirsteel.com>
Subject: RE: 2020/WORK ORDER FOR UTM MACHINE
Attachment: Work-OrderUTM Machine.PDF.rar (contains "WO-File.PDF.exe")

AgentTesla SMTP exfil server:
mail.pro-powersourcing.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.Dual.Extensions@1z141z3.6204.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Spyware.Negasteal
Create hunting rule
Status:
Malicious
First seen:
2020-06-11 06:13:07 UTC
AV detection:
18 of 31 (58.06%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=j4airkegvkuzn4eeiif2benz4kpv34qjmzdlf5f7rp6oy6ats7la._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 4f0088a886aaa996f084420ba091b9e29f5df2096646b2f4bf8bfcec781397d6

(this sample)

AgentTesla

Executable exe c87b319c28a538e76b2f86f21b68efa15581c90c727d36d4fd415a9d899e59dd

  
Dropping
MD5 20a70b9509a96449ec99e50fa5824fed
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c87b319c28a538e76b2f86f21b68efa15581c90c727d36d4fd415a9d899e59dd

Comments