MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5fdc5c0e79f2f7b260bef891f5a4924d67426116b56c76c2a9405fa0eb475e5e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5fdc5c0e79f2f7b260bef891f5a4924d67426116b56c76c2a9405fa0eb475e5e
SHA3-384 hash: 6dddd456698bef860849d0378bc37108eb7268e09bc34202a5d8b178efcf004d0b55650153adb11a1270db1b40c6f391
SHA1 hash: 9dedda1fed19f4e1da021f54faa44fe24e1020a1
MD5 hash: 2c6f2c6b0f8d8799696e7cb55f693f4c
humanhash: carbon-echo-enemy-robert
File name:NEW PURCHASE ORDER-PDF.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:510'334 bytes
First seen:2020-06-08 19:15:54 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:0MYMSfo0ZbE8qlN2qJJ6uWKLLmUxvqzmZwqjT:aflZbEFlNpJJHWK3YmZwqjT
TLSH 85B423BD33FC6D94CA814B3DA4780E0C02843CDEAFB94DC7970256A668DF2BC955AC59
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server01.hoteldelibab.hu
Sending IP: 165.22.16.55
From: Dan Popovici (Laborator Biosol) <flores@procuradurias.com>
Reply-To: agrotranscomex@lorinfo.ro
Subject: Purchase Order-1170026521
Attachment: NEW PURCHASE ORDER-PDF.rar (contains "H7JlERMka2qPaTV.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 19:17:08 UTC
AV detection:
18 of 48 (37.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=l7ofydtz6l33eyf67ci7ljesjvtueyiwwvwhnqvjibp2b22hlzpa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 5fdc5c0e79f2f7b260bef891f5a4924d67426116b56c76c2a9405fa0eb475e5e

(this sample)

AgentTesla

Executable exe c30062f4cde56147d613cd82db50320106572f0247ff964063bc076088d283c9

  
Dropping
MD5 38234fd676dbe808f27f2c8f87f78da4
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c30062f4cde56147d613cd82db50320106572f0247ff964063bc076088d283c9

Comments