MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 643adbbaad6f67ab9972db8a2ca69c13001c93031448365ac2d74c04d418851d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 643adbbaad6f67ab9972db8a2ca69c13001c93031448365ac2d74c04d418851d
SHA3-384 hash: 9372f300de9a456b46bcdd2bb19477c6300033bdf7dc7e6080ba515f82b8179762922acec9c547fdf3b6bd3668a89739
SHA1 hash: 6eba9d07c7e796fab9b0fdf2497e6cda442fa7d9
MD5 hash: 030ab400795f608b1d7c12339c75d70d
humanhash: delaware-salami-romeo-arkansas
File name:Transaction Recipt0000000000000000000000.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:411'643 bytes
First seen:2020-07-07 12:51:52 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:XeDyCwQcTXsUX4GZGi5n1AQIhzP/exPSK3clS8jK6:SyCwnrL51AQC/edSScoV6
TLSH AA94233B26C8306F91A2E945D83C5284397A8F050A334D57615C19D40CEFAD9FFA6B9F
Reporter abuse_ch
Tags:AgentTesla Endurance rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: 142-4-22-49.unifiedlayer.com
Sending IP: 142.4.22.49
From: Ashif C.K – Accounts department <info@npfqqtar.com>
Subject: 50% deposit payment transfer
Attachment: Transaction Recipt0000000000000000000000.rar (contains "Transaction Recipt0000000000000000000000.exe")

AgentTesla SMTP exfil server:
smtp.mail.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/643adbbaad6f67ab9972db8a2ca69c13001c93031448365ac2d74c04d418851d/
Threat name:
Win32.Trojan.Skeeyah
Create hunting rule
Status:
Malicious
First seen:
2020-07-07 12:53:05 UTC
AV detection:
18 of 29 (62.07%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mq5nxovnn5t2xgls3ofczju4cmabzeydcredmwwc25gajvayquoq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 643adbbaad6f67ab9972db8a2ca69c13001c93031448365ac2d74c04d418851d

(this sample)

AgentTesla

Executable exe b1c01251f188fd002ea3dccd1b74db29da48f6c40511ec96a6b27de3dfc932a8

  
Dropping
MD5 059c936b80f96502d0fd020672f88e9a
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b1c01251f188fd002ea3dccd1b74db29da48f6c40511ec96a6b27de3dfc932a8

Comments