MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5de66f9995b3205df66da098ddde8e1ff2ca806aa20c2861dc1340df7703db79. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5de66f9995b3205df66da098ddde8e1ff2ca806aa20c2861dc1340df7703db79
SHA3-384 hash: e7c19f99f7e45793c6a097798c837012e18d40917665ffbe4c9b88f03f6a3d8b9b0763b1a5f60945b6dc5084c8e46aab
SHA1 hash: aa89d3494b874aa127271a414ee65543f8d1bd65
MD5 hash: 9d33200e0464aa291aec8c1af9b87d67
humanhash: black-delaware-double-massachusetts
File name:file.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:280'043 bytes
First seen:2020-05-29 05:25:15 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 6144:5/ktyG5DKY4JblVODZ9M4pOIqB2ka31ZP9XKdN53SunfFrf:5wRBCblUDZO4iO3HP9XKf57nfB
TLSH B8542360D11A1F9B9B5458DBEBAA53A73D6BCF41C394CE7C6B80C7278766418AF03E00
Reporter abuse_ch
Tags:AgentTesla geo gz KOR


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: newspamfilter1.mailnara.co.kr
Sending IP: 121.189.61.170
From: Heoung Sik Choi <sohong@pields.com>
Reply-To: yeon87690@naver.com
Subject: 요청드립니다
Attachment: file.gz (contains "file.exe")

AgentTesla SMTP exfil server:
mail.tremdyclub.net:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-05-29 05:36:02 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
10 of 48 (20.83%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 5de66f9995b3205df66da098ddde8e1ff2ca806aa20c2861dc1340df7703db79

(this sample)

AgentTesla

Executable exe c85ff24372320b72baa0652814e4288eeb120f94c98e50f59a90a706bf720b1a

  
Dropping
MD5 4fa90c9ca02cf3595e509b97d8f9e182
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c85ff24372320b72baa0652814e4288eeb120f94c98e50f59a90a706bf720b1a

Comments