MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a17340d016009bdb06c5477256923d7a6edf86858c1b544584058e60366b3ae9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a17340d016009bdb06c5477256923d7a6edf86858c1b544584058e60366b3ae9
SHA3-384 hash: b6dd734afa08a2cc3313a7c675a0cd835b44aee3f84bf174594d391ba89f17277f88bc03b6d048d0292889839cd8076b
SHA1 hash: 6a31695ef40766cf412ebf634e33ec7255cedf4e
MD5 hash: 1ffbf09ad243b917f11d504a5cf5d02e
humanhash: berlin-lake-don-triple
File name:MV TBN CALL PORT FOR LOADING COAL_pdf.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:378'994 bytes
First seen:2020-07-13 06:38:00 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:KwCPRPRdfmizew8su1epIHTYiOuN2D4Q2nPy9KTnufu:aPBfm9N1emHsiO9DiPwKku
TLSH F68423A0726E252939BA80D6FA1FFFA19E54DC5301C43B96D1863779D84F0BB836A131
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.winningshipping.com.cn
Sending IP: 119.167.221.3
From: acct@fiveocean.co.kr <fleet1@winningshipping.com.cn>
Subject: MV TBN CALL PORT FOR LOADING COAL
Attachment: MV TBN CALL PORT FOR LOADING COAL_pdf.rar (contains "MV TBN CALL PORT FOR LOADING COAL_pdf.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27382.Rar5Heur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a17340d016009bdb06c5477256923d7a6edf86858c1b544584058e60366b3ae9/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-13 06:39:07 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ufzubuawacn5wbwfi5zfner5pjxn7bufrqnvirmeawhgantlhluq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar a17340d016009bdb06c5477256923d7a6edf86858c1b544584058e60366b3ae9

(this sample)

AgentTesla

Executable exe 5f26ec6a89a14aedcee85883d41d5ca81a2ba2a7c99ec464abaa5bd63b6cbe1b

  
Dropping
MD5 aa683fc072f3ae7d3746555ad0d2fa86
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5f26ec6a89a14aedcee85883d41d5ca81a2ba2a7c99ec464abaa5bd63b6cbe1b

Comments