MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5f604c007d31081bb48ecdc7a6a6f9f3b81f7810155eddea12c28f49769d0310. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5f604c007d31081bb48ecdc7a6a6f9f3b81f7810155eddea12c28f49769d0310
SHA3-384 hash: 7118d76cfab0eb7904bbeee5d6409eb66e590d731d5da2aa4aafa1469046122d19e50c682a16d228f52a489c3f416684
SHA1 hash: 3fbc35c8c6e32bd575eb0d3150ada454b00d8cc0
MD5 hash: 60e49a416d57b91cd49f48f40195bd67
humanhash: connecticut-edward-princess-video
File name:NEW ITEM ORDER.PDF.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-05-14 08:16:07 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:3jgRQ0WR4CJrHjT4cljSoN221dR7aOwReADRLh+Z/V5:EqRXJXlr82flwEYRN+5z
TLSH E345CF8427AD27B8F1B69BF95A919070C770761A346DD73DAC8910CF0AE1F80E985F27
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server.ence.marketing
Sending IP: 62.138.11.76
From: Densbe Admin <admin@seikotech.com.sg>
Reply-To: info@jerryenterprise.com
Subject: RE: Request for Item QUOTE!
Attachment: NEW ITEM ORDER.PDF.img (contains "New order.exe")

AgentTesla SMTP exfil server:
mail.orientalkuwait.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Generic.mg.8f022e14f062f30a.25437.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-05-14 08:36:11 UTC
File Type:
Binary (Archive)
Extracted files:
17
AV detection:
15 of 31 (48.39%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=l5qeyad5geebxneozxd2njxz6o4b66aqcvpn32qsykhus5u5amia._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 5f604c007d31081bb48ecdc7a6a6f9f3b81f7810155eddea12c28f49769d0310

(this sample)

AgentTesla

Executable exe d7bc49f7f1d3ec1d3aabc06010f5b7506666385b14f2032943b7d77bc60dc572

  
Dropping
MD5 8f022e14f062f30a227b973dd2598061
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d7bc49f7f1d3ec1d3aabc06010f5b7506666385b14f2032943b7d77bc60dc572

Comments