MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 92ef2c9463b726f151cbc2bac57f6124fd355aa90ec4424de8500a543cfbc457. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 92ef2c9463b726f151cbc2bac57f6124fd355aa90ec4424de8500a543cfbc457
SHA3-384 hash: aec72c46db890e7ad6b32915c73bd9021ba803bacfeab3cc0dbc28b5c8832565ec384ad9dc054ee6f3088ec9b1cd4404
SHA1 hash: ac4d5d0679e7e29ede82fe06b9a066497453619b
MD5 hash: d661af709699e60d826ca7e2a003ec28
humanhash: single-butter-zebra-potato
File name:Purchase Order pdf.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:398'704 bytes
First seen:2020-08-18 06:25:59 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:ayHG1tGUDH9qi0rnQbfYc2kXKBr3fpXRh1YOogrLb:lHYt/qnjQbfbnXKBrvpRDY6b
TLSH B684239569F7921EF6AFD3D3A657023700B6D00FBCE4F5423E5512952AB29B0075CAF0
Reporter abuse_ch
Tags:AgentTesla GoDaddy rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: p3plwbeout06-01.prod.phx3.secureserver.net
Sending IP: 97.74.135.56
From: <info@foodsinseason.com>
Subject: Purchase Order
Attachment: Purchase Order pdf.rar (contains "x1mxcUXjjHMfaSa.exe")

AgentTesla SMTP exfil server:
smtp.annlap.com:587

AgentTesla SMTP exfil email address:
huverteamup@annlap.com

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/92ef2c9463b726f151cbc2bac57f6124fd355aa90ec4424de8500a543cfbc457/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-08-17 23:21:00 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=slxszfddw4tpcuolyk5mk73bet6tkwvjb3ceetpikaffiph3yrlq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 92ef2c9463b726f151cbc2bac57f6124fd355aa90ec4424de8500a543cfbc457

(this sample)

AgentTesla

Executable exe 12846f275b6c95522b1b02433f0b11ea979cc328e0ea607c9d706b222d6ebd5a

  
Dropping
MD5 68856fdacb6584e5890f829511aeb545
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 12846f275b6c95522b1b02433f0b11ea979cc328e0ea607c9d706b222d6ebd5a

Comments