MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 88e6ec5fd85f47d832f1052c159cf0e263a58d5606237a03743a62129e167d64. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 88e6ec5fd85f47d832f1052c159cf0e263a58d5606237a03743a62129e167d64
SHA3-384 hash: c321b88153249badf138acc17630ed09f9bf5f5b63e3be118fc73b0bf9f173c47b3034b7d7ce78dc64057896f75418ee
SHA1 hash: b022d40db85019506aff5f4162a23df246043b0f
MD5 hash: 2e6fbe1ceed22bab4eff4a1d14b34aac
humanhash: sierra-kilo-failed-pip
File name:Shipping documents.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:169'727 bytes
First seen:2020-05-22 09:24:56 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 3072:ygbsktUWrcLNPBLVd7niT1cUg0DzKK35BTVCK6pJWhYkePV6omOWaOCO:7/iWrMBT7ihcUg0PKK3fTr6+hYkDVdaA
TLSH 09F3126EF2AAD2694B4DEDAD3F155785E3C33C238AEDC7991D4F424B4504EA38370026
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mx.fvjifilm.com
Sending IP: 217.61.122.7
From: sam@fvjifilm.com
Reply-To: hswl@co-163.com
Subject: Shipping Documents.
Attachment: Shipping documents.rar (contains "Shipping documents.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Autorun
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 23:06:51 UTC
File Type:
Binary (Archive)
Extracted files:
1
AV detection:
17 of 30 (56.67%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 88e6ec5fd85f47d832f1052c159cf0e263a58d5606237a03743a62129e167d64

(this sample)

AgentTesla

Executable exe 7ad3f47cffe8000f670fc88c0069317e4de985dd1802aab8050bca396340b20b

  
Dropping
MD5 44050dd8851271b65f81c3e8dae35969
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7ad3f47cffe8000f670fc88c0069317e4de985dd1802aab8050bca396340b20b

Comments