MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b1dbd196d36d811854ae854a483d35935035c7d3724179ea46191fac8ba20755. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b1dbd196d36d811854ae854a483d35935035c7d3724179ea46191fac8ba20755
SHA3-384 hash: 1234d0bd238efec384b4e39e67ac526d0f0ce486f6693501c59d8077e64d3591ca525a014c7e11cd1fcff34323c21654
SHA1 hash: e9d0e3a75c4b8f67a94d17d54137299ff137ed70
MD5 hash: 6bd3359c9a3c3575073763799d636524
humanhash: artist-undress-speaker-nebraska
File name:Payment Advice Ref98878.Scan.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:439'284 bytes
First seen:2020-07-07 12:53:51 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:DqGEn21VM/MXFLiMU8jLx0/LY4oih9gt4Y:7Czgx0/LYE9TY
TLSH F39423A183CA05740D32D7869FA1D3ED587807328F801B2E1A4DC96DF06E8D7EDBA5E5
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: ngay6.localdomain
Sending IP: 45.127.62.137
From: howell@bento.com
Subject: Payment Advice - Advice Ref:[48934] / Priority payment / Customer Ref:[0000568988]
Attachment: Payment Advice Ref98878.Scan.rar (contains "Quotation 98878.Scan.exe")

AgentTesla SMTP exfil server:
mail.dehydratedoniongarlic.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b1dbd196d36d811854ae854a483d35935035c7d3724179ea46191fac8ba20755/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-07 12:55:07 UTC
AV detection:
16 of 28 (57.14%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=whn5dfwtnwarqvfoqvfeqpjvsnidlr6tojaxt2sgdep2zc5ca5kq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar b1dbd196d36d811854ae854a483d35935035c7d3724179ea46191fac8ba20755

(this sample)

AgentTesla

Executable exe 6b35aa643ec1006130a3ad1cdebb98e94e7f2f51ba75603e6e5887d4d487fd5a

  
Dropping
MD5 883f310e3695dd1c848ff1fd53d3cd3d
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6b35aa643ec1006130a3ad1cdebb98e94e7f2f51ba75603e6e5887d4d487fd5a

Comments