MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5cd6cf60b75338abb024d7b491c5ab9c6f904a0643d36e5b24162e8669d7f79c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5cd6cf60b75338abb024d7b491c5ab9c6f904a0643d36e5b24162e8669d7f79c
SHA3-384 hash: 3163f64e8b7a51878b369c001342fbe533b75d5a6895653af1d1ec9991ea42b27f3dc2edbe065d97b0c925af189a3ffd
SHA1 hash: cacf1906d86e877b5c1cee4f88d8091540cc8ccc
MD5 hash: 2ef899754d5e6441abc7def6e7bb4d99
humanhash: gee-mountain-black-freddie
File name:AN-DSI-ASA18070011.pdf.arj
Download: download sample
Signature AgentTesla
Create hunting rule
File size:749'734 bytes
First seen:2020-07-08 06:30:53 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:opMNAuZrJlJZvZkb5RFZKwRZDGRlp0wJMHdI0XMj4h4va+PBLEumHMK:qMmuZdZB4pgkZCzJG9os6va+pLEum/
TLSH B0F4235791CB94A8EF6E7E13504C44A3DC712A8E106C827BA353ACB9FE5D036B46361F
Reporter abuse_ch
Tags:AgentTesla arj Endurance


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: gproxy1-pub.mail.unifiedlayer.com
Sending IP: 69.89.25.95
From: Rahman <supply@bridesea.com>
Subject: ARRIVAL NOTICE//CHECK HBL//NEW SHIPMENT
Attachment: AN-DSI-ASA18070011.pdf.arj (contains "AN-DSI-ASA18070011pdf.exe")

AgentTesla SMTP exfil server:
secure231.servconfig.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5cd6cf60b75338abb024d7b491c5ab9c6f904a0643d36e5b24162e8669d7f79c/
Threat name:
ByteCode-MSIL.Trojan.Masslogger
Create hunting rule
Status:
Malicious
First seen:
2020-07-08 06:32:13 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ltlm6yfxkm4kxmbe262jdrnltrxzasqgipjw4wzecyxim2ox66oa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 5cd6cf60b75338abb024d7b491c5ab9c6f904a0643d36e5b24162e8669d7f79c

(this sample)

AgentTesla

Executable exe ece95023cb705530533957a23138102a00540fcc5dd6c3441867cb4e0c0af841

  
Dropping
MD5 13a18056088091cb03ea3303f99f9275
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ece95023cb705530533957a23138102a00540fcc5dd6c3441867cb4e0c0af841

Comments