MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 681130c6205cf3a8d93b0cfaea0abd1b546423108fcbcdc6033260f50a04355d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 681130c6205cf3a8d93b0cfaea0abd1b546423108fcbcdc6033260f50a04355d
SHA3-384 hash: 4d7525ef04ae00dc008d8de942475920464538aaadf1245f1144533447f02bac3621f07ba0cf880d424ef17fed63dc15
SHA1 hash: bca1ae0264381081ea977ffdf41020e3650e058a
MD5 hash: f6588d5655b118db8d99785ef3f595ae
humanhash: oscar-gee-four-seven
File name:Singapore_Order.r11
Download: download sample
Signature AgentTesla
Create hunting rule
File size:422'070 bytes
First seen:2020-05-28 06:15:48 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:G/gaoeW7f6kBV3LVj2I6mlfbxHrORfd+LHpZsQ+60esl2hsa23c:G/gqW7f6kzpj2IvlfbxHu0LbsaKhLM
TLSH AB9423911F0037DA2B7F673323F3A7611A4A9F6E57D30A97154878AE2880EDC85274E9
Reporter abuse_ch
Tags:AgentTesla r11


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.dirickx.mg
Sending IP: 213.136.83.114
From: Solutions-Food Ingredients <bgd@ntd.com.vn>
Reply-To: bgd@ntd.com.vn
Subject: Offer Request: Tapioca /GMO FREE/ for Singapore customer.
Attachment: Singapore_Order.r11 (contains "Singapore_Order.exe")

AgentTesla SMTP exfil server:
smtp.desmaindian.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 06:36:51 UTC
File Type:
Binary (Archive)
Extracted files:
296
AV detection:
19 of 31 (61.29%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 681130c6205cf3a8d93b0cfaea0abd1b546423108fcbcdc6033260f50a04355d

(this sample)

AgentTesla

Executable exe 37b85443100f078008ce5313208784c66a7a3b73e199de6f4344787d6dfc5a0e

  
Dropping
MD5 9d0e062c446f984bcac9ceac7341bc37
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 37b85443100f078008ce5313208784c66a7a3b73e199de6f4344787d6dfc5a0e

Comments