MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5ee96df01eed33abbd58034f54e9194a21acdacb54894a3e18c9d46dce053c95. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5ee96df01eed33abbd58034f54e9194a21acdacb54894a3e18c9d46dce053c95
SHA3-384 hash: 50dd4f880c64d00cfb94ff942a354d8d498f8beda7bf316a7aa296cb5c9b7808651b18b647e0d7801c6b4d84829b4eca
SHA1 hash: 1071107a197a49e91160f45a88d5f5901cda9c0c
MD5 hash: 81a56fffaca0e265d3431c3ab6f6e91d
humanhash: failed-five-double-artist
File name:IMG 24344 NEW ORDER_PDF.r02
Download: download sample
Signature AgentTesla
Create hunting rule
File size:439'579 bytes
First seen:2020-05-15 06:45:19 UTC
Last seen:Never
File type: r02
MIME type:application/x-rar
ssdeep 12288:aZIjlVs7YP/emFS9mqzyFrSlJ+EyAQBmyp7p3Dw:aqzs+2mFiMSOaQkSd8
TLSH 7D94234F99264FC97E30B83499BC217A466824E2AF0B3CD20AC7489DFAD7314CAD4177
Reporter abuse_ch
Tags:AgentTesla r02


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: linuxplesk5.openhost.net.nz
Sending IP: 112.109.81.163
From: Alejandro Ferreyra <chutima@dextragroup.com>
Subject: RE: Request for Proforma Invoice
Attachment: IMG 24344 NEW ORDER_PDF.r02 (contains "IMG 24344 NEW ORDER_PDF.exe")

AgentTesla SMTP exfil server:
mail.candenizcilik.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27271.Rar5Heur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-05-15 07:36:15 UTC
File Type:
Binary (Archive)
Extracted files:
18
AV detection:
17 of 31 (54.84%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=l3uw34a65uz2xpkyanhvj2izjiq2zwwlkseuupqyzhkg3tqfhskq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r02 5ee96df01eed33abbd58034f54e9194a21acdacb54894a3e18c9d46dce053c95

(this sample)

AgentTesla

Executable exe 0216034e50b3ee4072e80011e979e1f62c7e7f5c2209c1d65b7311240430c109

  
Dropping
MD5 5be3bb07548ca07aa77db47e9833de33
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0216034e50b3ee4072e80011e979e1f62c7e7f5c2209c1d65b7311240430c109

Comments