MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5d5ae2c33251e011015acc714d026727fd244db0e3c1338aaafa5833ac7a6a1a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5d5ae2c33251e011015acc714d026727fd244db0e3c1338aaafa5833ac7a6a1a
SHA3-384 hash: 5562d6791317b79bedba1b57788262b7b322a98e0df6f0570d667dbc7e836d617102f66b8921a49971c852ac50d4eb06
SHA1 hash: 6c34b1accb5b73b6fb38adb9bd99baa36e02f408
MD5 hash: d9f0712d0773bc77dbab90928bb57f13
humanhash: purple-utah-salami-nitrogen
File name:DETAILS AMOUNT.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:416'537 bytes
First seen:2020-07-10 07:36:42 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:X9KwSWRFAZJQ6HYOX3MQqVLTRU3UOIgs38efusFpx3N3HcXqHSM05LYgH+1:X8gS7sLLCUOEMe2s13dHwqt05z+1
TLSH 8C942328364DCD2EFEE337658AC664D9D2FDB16C109622FA0EC6D4469F2854D23D9F02
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: cpshared8.tedata.net
Sending IP: 213.158.180.204
From: Doris Anon <doris.anon@slazengergolf.com>
Subject: USD 5950 Transfer for Import Payment Settlement
Attachment: DETAILS AMOUNT.zip (contains "DETAILS AMOUNT.exe")

AgentTesla SMTP exfil server:
mail.elfengineeringintl.com:587

AgentTesla SMTP exfil email address:
directortechnical@elfengineeringintl.com

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5d5ae2c33251e011015acc714d026727fd244db0e3c1338aaafa5833ac7a6a1a/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-10 07:38:08 UTC
AV detection:
32 of 47 (68.09%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=lvnofqzskhqbcak2zryu2athe76sitnq4pathcvk7jmdhld2nina._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 5d5ae2c33251e011015acc714d026727fd244db0e3c1338aaafa5833ac7a6a1a

(this sample)

AgentTesla

Executable exe 28e88078dd3f0800cde733e29446add851a4223ce596ffe17ac38977cd903e37

  
Dropping
MD5 72f6d2e7695cbb193dd0c2feb017f627
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 28e88078dd3f0800cde733e29446add851a4223ce596ffe17ac38977cd903e37

Comments