MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 942663f5ac9054490e0fba876ca5ade56d7c4969aa5368f0aa88e247c55e36a3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla

Vendor detections: 3


SHA256 hash: 942663f5ac9054490e0fba876ca5ade56d7c4969aa5368f0aa88e247c55e36a3
SHA3-384 hash: 37190a9ce622973a9b99a9f0606f572f4947136c6fb715907e8e0e6fb0dbbd2312ff7d3a3b1b86ae43c54c8407b3ac9b
SHA1 hash: 359f0b3fc2f9e54f031b121a0044f6026862731b
MD5 hash: b21e1ec82bfc8b16bc8d168fa4ef7768
humanhash: angel-rugby-friend-michigan
File name: Payment Slip1.rar
Signature: AgentTesla
File size: 421'610 bytes
First seen: 2020-08-10 12:48:42 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:jibVXuODGFXngCdzpwqDla2C1SpEjns5x3Xj3Fsu2auwxlgtVV/ug3jW1:GBXXalnzpKp7SXj3yuiwxw/n8
TLSH: 3A9423C7703072A0F420E41463C08AAD714C5A8699A2ECD5AD3769ACD7DCE4BE791F6A
Reporter: abuse_ch
Tags: AgentTesla, rar


abuse_ch
Malspam distributing AgentTesla:

HELO: mail.bgesoaeg.ml
Sending IP: 5.8.93.45
From: Accounts <candy@bgesoaeg.ml>
Subject: Receipt of Payment
Attachment: Payment Slip1.rar (contains "Payment Slip1.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Backdoor.Androm
Status: Malicious
First seen: 2020-08-10 12:50:11 UTC
AV detection: 13 of 48 (27.08%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam: AgentTesla
  rar 942663f5ac9054490e0fba876ca5ade56d7c4969aa5368f0aa88e247c55e36a3 (this sample)

Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment

Comments