MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7bfe5be4136b291d190dd1546119a27628ddef63aa738dd16577d8e40a9ddafe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7bfe5be4136b291d190dd1546119a27628ddef63aa738dd16577d8e40a9ddafe
SHA3-384 hash: 03afa5315af7e69b453b83c261e12429baf7bb6b0975e39ba616abd4d3666bc5a6ae18a3b213a986c44c4f5bd193c5b1
SHA1 hash: f1364ac191f21b4cae4b43a8c3e5588700fc2a3f
MD5 hash: f20041526fc5c61a97b13c93f980a89b
humanhash: lamp-eleven-yankee-nitrogen
File name:Shipping documents invoice.r11
Download: download sample
Signature AgentTesla
Create hunting rule
File size:442'156 bytes
First seen:2020-05-27 18:22:47 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:UgglaMNuf1miCj70X9ooO7VoHGR0NDu2H07YiHMfYelwstih:O8MwLWQX9ooO76+wDuOiHMfYelw6ih
TLSH 8994237747DE2E9058793CE8B81D882E3377A0E5F17DBD0B8B0D171993828545BA960F
Reporter abuse_ch
Tags:AgentTesla r11


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: relaymail.ingenosya.mg
Sending IP: 5.189.167.183
From: Account1 <rist.budapest@rist.hu>
Reply-To: Account1 <rist.budapest@rist.hu>
Subject: Re: Shipping Documents Invoice
Attachment: Shipping documents invoice.r11 (contains "Shipping documents invoice.exe")

AgentTesla SMTP exfil server:
smtp.desmaindian.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 18:37:29 UTC
File Type:
Binary (Archive)
Extracted files:
275
AV detection:
22 of 48 (45.83%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 7bfe5be4136b291d190dd1546119a27628ddef63aa738dd16577d8e40a9ddafe

(this sample)

AgentTesla

Executable exe dde1a479210f5225b0312ff6d155d870a094837a26338d594fb431134449aa16

  
Dropping
MD5 af72fff71c06dafb96e8609be52f0671
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 dde1a479210f5225b0312ff6d155d870a094837a26338d594fb431134449aa16

Comments