MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5df1dcfb35359e21ed531020e2fa2ea6eae9f8201438cd5a1728dc7ad328d664. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 2



SHA256 hash: 5df1dcfb35359e21ed531020e2fa2ea6eae9f8201438cd5a1728dc7ad328d664
SHA3-384 hash: 80227361f40f832a84b73d0f51304023e936fa7e9dc24b4d3a9ac601bb5cbf7edad9034b088ecb7a4f6bd86e33ab66aa
SHA1 hash: 93bd37ea62022a08acef3f69812556a00cb155a1
MD5 hash: 44474912b0c8b3d36f8095f484a7c280
humanhash: don-california-hydrogen-spaghetti
File name: Payment Invoice PIJ2D032600.pdf.ace
Signature: AgentTesla
File size: 959'263 bytes
First seen: 2020-05-27 06:34:40 UTC
Last seen: Never
File type: ace
MIME type: application/x-rar
ssdeep: 24576:uAbjadT2eGlq2oFIO7b5RE/lffy14C8XwnWlMraahOC:Na92eG42oFFREpMn5eav
TLSH: 321533999223C6AC1558F53FC1628E3AFEF64331E06C02BC7536E19797F086A1E56378
Reporter: abuse_ch
Tags: ace, AgentTesla


abuse_ch
Malspam distributing AgentTesla:

HELO: yourhost.sale
Sending IP: 178.238.233.18
From: Fatih Yildirim <info@fatsakimya.com>
Subject: RE:PAYMENT INVOICE
Attachment: Payment Invoice PIJ2D032600.pdf.ace (contains "Payment Invoice PIJ2D032600.pdf.exe")

AgentTesla SMTP exfil server:
mail.rajalakshmi.co.in:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-27 06:35:44 UTC
File Type: Binary (Archive)
Extracted files: 27
AV detection: 31 of 48 (64.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Malspam
Malware family: AgentTesla
Sample: ace 5df1dcfb35359e21ed531020e2fa2ea6eae9f8201438cd5a1728dc7ad328d664 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments