MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b0573c1b945e1199f5f31ababd773810b4e5687cc5b79cc4f1ea7560876562b6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b0573c1b945e1199f5f31ababd773810b4e5687cc5b79cc4f1ea7560876562b6
SHA3-384 hash: b6bcd9a7427335228f35c525a52bcd60f36a9ee04ea6a4fa35d47177f3f205c29d22d16316c3b585db515e05b7b3979c
SHA1 hash: 43b538acf7f6afda1db7db9ae4db23e03a2b9264
MD5 hash: 4cdee623346559b7ffbe9f68502d3c1d
humanhash: mango-fillet-kansas-east
File name:IMG 24344 NEW ORDER_PDF.r02
Download: download sample
Signature AgentTesla
Create hunting rule
File size:398'963 bytes
First seen:2020-05-22 07:24:33 UTC
Last seen:Never
File type: r02
MIME type:application/x-rar
ssdeep 12288:h9caShIcqzzDfvJMcCjlfRkgnvAEdXLrR3l+:shVgBMcaHdXv1l+
TLSH E384232858A0F2ECCCD6B43EA5BA9B9C5793386DDD8251A118026D3DBD85F35B14B0CB
Reporter abuse_ch
Tags:AgentTesla r02


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.sunman.net
Sending IP: 163.47.84.12
From: Mr Willy Wong <contact@wintrad.com.my>
Subject: RE: Request for Proforma Invoice
Attachment: IMG 24344 NEW ORDER_PDF.r02 (contains "IMG 24344 NEW ORDER_PDF.exe")

AgentTesla SMTP exfil server:
mail.candenizcilik.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27271.Rar5Heur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Androm
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 07:36:48 UTC
AV detection:
17 of 48 (35.42%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r02 b0573c1b945e1199f5f31ababd773810b4e5687cc5b79cc4f1ea7560876562b6

(this sample)

AgentTesla

Executable exe e6a6aaa90584d600b801a14dab920d9ce945523a5620029b978f8d236cbbde9e

  
Dropping
MD5 b035dca1c45df0d51fcd63889e4d9096
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e6a6aaa90584d600b801a14dab920d9ce945523a5620029b978f8d236cbbde9e

Comments