MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5d1041ad9b8929f3f84cf7883e5e2df57575f2eafeddb4bd813d960a9e3e32d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5d1041ad9b8929f3f84cf7883e5e2df57575f2eafeddb4bd813d960a9e3e32d8
SHA3-384 hash: 13d1a13790552338c7c4befa2fd81b47a9716125e5fe60b4ac22dd497dd1a037cc468bebd3313396aebce3fb2d484ad9
SHA1 hash: 2fc64936a6820fc37ee58c12f2ece5869c001aaf
MD5 hash: 99896e2d4ab752f08797f8f0f20367fa
humanhash: jersey-kitten-delta-jig
File name:TT slip.r01
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'257'516 bytes
First seen:2020-05-04 21:46:47 UTC
Last seen:Never
File type: r01
MIME type:application/x-rar
ssdeep 24576:TpF/om7T/pxx3dB/1BdhIPGHM2EogIvTc1JrJg/jIDffnh93tbCnn:lNVn/1dIPGHMl0w1JObs7d4
TLSH 3D45331AE4D328B9B169F8D914468D22B8F5C717F74049E7A6B33D62CE57196A332C30
Reporter abuse_ch
Tags:AgentTesla r01


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: chita.mrservers.net
Sending IP: 136.243.102.96
From: Sarvina Anyuh <gtomy@dorspecnet.com>
Subject: PAYMENT UPDATE 04/05/2020
Attachment: TT slip.r01 (contains "TT slip.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-04 22:36:34 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
15 of 30 (50.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=luiedlm3reu7h6cm66ed4xrn6v2xl4xk73o3jpmbhwlavhr6glma._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r01 5d1041ad9b8929f3f84cf7883e5e2df57575f2eafeddb4bd813d960a9e3e32d8

(this sample)

AgentTesla

Executable exe c583d55d2f7f5ca522bae9e5c239eb7a2c2566f67b61a33718567d2aa1e44f5c

  
Dropping
MD5 4d97ef0bd4f4805e6d889f572c8a1add
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c583d55d2f7f5ca522bae9e5c239eb7a2c2566f67b61a33718567d2aa1e44f5c

Comments