MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 73c1d55d4ff144d1dee4125978db915d9644c36af3fbb33c336fd31ce55a6b43. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 73c1d55d4ff144d1dee4125978db915d9644c36af3fbb33c336fd31ce55a6b43
SHA3-384 hash: bd5b20a291f86e5ec7cd3ae0f610fc65eb5a779d43b3973c59079f40fa29b326775712b0f3e152a6cfadbd1ce72a05c1
SHA1 hash: 8673ccb5d949453255b436a4096ba82d922b6706
MD5 hash: d12a93df9b82deadec8c88215feacde5
humanhash: bakerloo-california-yankee-alpha
File name:Revised Doc-00865548.cab
Download: download sample
Signature AgentTesla
Create hunting rule
File size:423'893 bytes
First seen:2020-05-11 08:26:45 UTC
Last seen:Never
File type: cab
MIME type:application/vnd.ms-cab-compressed
ssdeep 12288:IitJTp5iGswLHGrrDTkq7Ucgl1ihPUzf4hZonm:lfHiGsgmnDQgiOUr4hqm
TLSH 7D9423712AF62742F1053F35B27AA194D7032C8BF0B1DAE68F8DC97A0592053A7A3D52
Reporter abuse_ch
Tags:AgentTesla cab


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: cmbeton.cz
Sending IP: 209.58.149.66
From: Odums Meje <info@cmbeton.cz>
Subject: FW: Amended Documents
Attachment: Revised Doc-00865548.cab (contains "Revised Doc-00865548.exe")

AgentTesla SMTP exfil server:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Generickdz-7778470-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Androm
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 02:44:43 UTC
File Type:
Binary (Archive)
Extracted files:
14
AV detection:
22 of 31 (70.97%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=opa5kxkp6fcndxxecjmxrw4rlwlejq3k6p53gpbtn7jrzzk2nnbq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

cab 73c1d55d4ff144d1dee4125978db915d9644c36af3fbb33c336fd31ce55a6b43

(this sample)

AgentTesla

Executable exe 310c22c27c21f9552c0b7ec5d0c78e0870984a0432758835e07a502175181c5b

  
Dropping
MD5 9ecf4d1cfbd096c7adaa3bf301b52a81
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 310c22c27c21f9552c0b7ec5d0c78e0870984a0432758835e07a502175181c5b

Comments