MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5ec7aca2f5f43bcaa01ac207fcd0675c5e21821c8bf5b49ed305a6dad33bc66a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 3

SHA256 hash: 5ec7aca2f5f43bcaa01ac207fcd0675c5e21821c8bf5b49ed305a6dad33bc66a
SHA3-384 hash: 7e999db89c80525de8874e9189e2bd8d84e2fee1984459650a32804a8b434ad2a8579bec16004d2487be7114e8730617
SHA1 hash: e3fbda8f375b9b8ff22f847b9b79cb7d30d96e27
MD5 hash: 9e3fab1f0ac8e00b482db16afe5be763
humanhash: island-item-quebec-video
File name: JUNE_PAYMENT_2020.rar
Signature: AgentTesla
File size: 482'490 bytes
First seen: 2020-07-09 14:27:39 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:LEo7ZP7J2iFZ+5oKvD5n0qiWNjTg9fr3T3Kk5NWeQzuZpcbnYnRBSkxe08SRffmt:LxFPAC+DbTArj3KktQsyKSmeiwRuFu5
TLSH: 4CA42378954E27220FBDCF58A0F5B95A1631073C3860284B66D67FEEC91E7D27B006D9
Reporter: abuse_ch
Tags: AgentTesla rar


abuse_ch
Malspam distributing AgentTesla:

HELO: mail.mosansam.gq
Sending IP: 103.109.37.156
From: Alexandra Eckert <admin@mosansam.gq>
Subject: PAYMENT INV20-028
Attachment: JUNE_PAYMENT_2020.rar (contains "JUNE_PAYMENT_2020.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:

Intelligence

File Origin
Number of uploads: 1
Number of downloads: 69
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-09 14:29:06 UTC
AV detection: 18 of 29 (62.07%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam (distributed via e-mail attachment)
Signature: AgentTesla
Sample: rar 5ec7aca2f5f43bcaa01ac207fcd0675c5e21821c8bf5b49ed305a6dad33bc66a (this sample)
Dropping: AgentTesla
