MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5860166f811f3456f2f9ebccfead87adf12d60ba51bf6fb8cd6050a7d95da2c7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5860166f811f3456f2f9ebccfead87adf12d60ba51bf6fb8cd6050a7d95da2c7
SHA3-384 hash: 6bb81034d71b5ebf8d6334ba4eb464f7d86c9e90c024cb9ec8b027543611ff13859b4d11963d185906395dff0df1b3f0
SHA1 hash: f46bb4cfb20ad71cf1f082a9d3eabb84c72a956b
MD5 hash: 7263c8a0de74a9284671477983b31bd9
humanhash: rugby-golf-enemy-robin
File name:Shipping Details _PDF.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:410'365 bytes
First seen:2020-05-11 08:55:54 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:oih61TR7Uk4bu6k7dbiksRp+2rLSURhbDgq:o46rdvb4/lmmQq
TLSH 4F9423CEFFF0F09E858462E358A85429861F85F71397BFE120418B0FAE52D96B9D1790
Reporter abuse_ch
Tags:AgentTesla rar TNT


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: pkz42-2-spamexpert2.hoster.kz
Sending IP: 185.111.104.33
From: TNT EXPRESS WORLDWIDE <service@tnt.com>
Subject: TNT Delivery Notification: Confirm your Shipment
Attachment: Shipping Details _PDF.rar (contains "Shipping Details _PDF.exe")

AgentTesla SMTP exfil server:
mail.albagoestates.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27271.Rar5Heur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 14:23:45 UTC
File Type:
Binary (Archive)
Extracted files:
394
AV detection:
25 of 48 (52.08%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=lbqbm34bd42fn4xz5pgp5lmhvxys2yf2kg7w7ognmbikpwk5uldq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 5860166f811f3456f2f9ebccfead87adf12d60ba51bf6fb8cd6050a7d95da2c7

(this sample)

AgentTesla

Executable exe 7c124384c122263b3c98e2cd1208ae98d8964e1f0d3fc08b326fd62cd75bc59a

  
Dropping
MD5 f513831ac9768522af6d291c9ca445c0
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7c124384c122263b3c98e2cd1208ae98d8964e1f0d3fc08b326fd62cd75bc59a

Comments