MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 713525422f4229958a55836113954b04492df8a2e932cc981337b03c4a0dafb4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 713525422f4229958a55836113954b04492df8a2e932cc981337b03c4a0dafb4
SHA3-384 hash: af4b4d711cefd70db4b61abe57ed442de87b0cabf2e03682f5fcda7fa8a4faebe6dbb0cf420af1d037dc9b710084100c
SHA1 hash: 99388961941a8c3bb46d47fbb441cb80a71b59db
MD5 hash: 6bbe1ef6a53a8f55149b98fc3f10f775
humanhash: west-white-pluto-white
File name:BLSHIPPING DOCS.r15
Download: download sample
Signature AgentTesla
Create hunting rule
File size:343'392 bytes
First seen:2020-07-02 07:00:39 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:DrelngN37PWB63qipaYyErjiL6r8xL5wExaEncay5HbLI1T6WWHkl0D9yrK1ywDw:Dr4gNrThparkjiL6r8xl+C1+4a923wk
TLSH 637423A7E948783C5AF875CA02A305CCFF7C20F1AF27CF51D810642ACE18972A99B5D5
Reporter abuse_ch
Tags:AgentTesla r15


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail1.hostingww.com
Sending IP: 192.211.50.34
From: paul.gogoseanu@crilelmar.ro
Subject: REF: BL INVOICE SHIPPING DOCS/ARRIVAL SCHEDULE FOR MSKUJH6020/SEAEX18F240
Attachment: BLSHIPPING DOCS.r15 (contains "BL&SHIPPING DOCS.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/713525422f4229958a55836113954b04492df8a2e932cc981337b03c4a0dafb4/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-02 07:02:11 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=oe2skqrpiiuzlcsvqnqrhfklares36fc5ezmzgatg6ydysqnv62a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 713525422f4229958a55836113954b04492df8a2e932cc981337b03c4a0dafb4

(this sample)

AgentTesla

Executable exe e0c23a31503a925766b4e7604be93d4065f7f621ed1a121c6440e10f598393eb

  
Dropping
MD5 47af256ed0a07af78bc0993f285f5e84
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e0c23a31503a925766b4e7604be93d4065f7f621ed1a121c6440e10f598393eb

Comments