MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 83598296261998981171b0911709ecdafa82fff599e8ecd0a644675a84224331. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 83598296261998981171b0911709ecdafa82fff599e8ecd0a644675a84224331
SHA3-384 hash: f16867f603d1b407dcb50452f0c871e1d48ccd00429f750941d4dff8f59d5490c643d25d5d73bc37e1ac94a8ceaf7fa7
SHA1 hash: e80737a242afff366c4c924c09d25373c21e1143
MD5 hash: dfb68fd8c616e7d533bfda4b8c77a05e
humanhash: washington-jersey-enemy-asparagus
File name:Agency appoinment letter MT.Sinar MalukuV.0420.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:456'173 bytes
First seen:2020-05-27 08:05:39 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:QrOlZR1zzfjS81OLfs46Mx53aB+jBa+17z:Fz1/GLfs46aO+jBa+t
TLSH 2AA423E00B9A797ABB761701132E6F1842D2B1B9054209F07A57BA3E7EC7D0E1F905D6
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail0.716.dlvtminio.casa
Sending IP: 134.209.155.78
From: Glory Shipping Marine Co., Ltd <akhaltsikhe@sharm.ge>
Reply-To: thomas.wright2005@gmail.com
Subject: Agency appoinment letter MT.Sinar Maluku V.04/20
Attachment: Agency appoinment letter MT.Sinar Maluku V.0420.rar (contains "Agency appoinment letter MT.Sinar Maluku V.0420.exe")

AgentTesla SMTP exfil server:
mail.gopaldasvisram.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 08:37:08 UTC
File Type:
Binary (Archive)
Extracted files:
21
AV detection:
14 of 30 (46.67%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 83598296261998981171b0911709ecdafa82fff599e8ecd0a644675a84224331

(this sample)

AgentTesla

Executable exe 28e233a8cc47a8cf308a0f84d71d888c49a09bdbae6703b7f6a7f9cb7f184d04

  
Dropping
MD5 f5f9472638e8f378e8b1d947e2bbbdbd
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 28e233a8cc47a8cf308a0f84d71d888c49a09bdbae6703b7f6a7f9cb7f184d04

Comments