MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b5c4747d9d0259bd984a9d795eb779b0e3d97ee737d929ece008622c9b83e29d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b5c4747d9d0259bd984a9d795eb779b0e3d97ee737d929ece008622c9b83e29d
SHA3-384 hash: c549a9e7bb78f45bd4922161b9dcd15a7c7b013249af25f7d4e077a33fa08860328da5e5ebc9b9dc52b04297619de054
SHA1 hash: 3bd24b3929025c63f441883bf28daeffcc21d9e1
MD5 hash: 56f39d793cd1798d69f44ca644dd9d2f
humanhash: alaska-black-mexico-september
File name:SamplesSpecification0908999.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:396'437 bytes
First seen:2020-05-23 11:58:16 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:pUBI0gN0raa2CLon79mtvD0wOP6naMQEiZroR57TsCTEEZ/pwm8Hw:iBIxN0ragcn7AOPQQRw7QC7b8Hw
TLSH 8684238F880BAB75695FDE183CFB315287956EEC54AD1405C4C84EDB33A22BC1A5C8F9
Reporter abuse_ch
Tags:AgentTesla Yahoo zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: sonic304-21.consmr.mail.ir2.yahoo.com
Sending IP: 77.238.179.146
From: Farshid Bolghari <aymanattar2006@yahoo.com>
Reply-To: Farshid Bolghari <aymanattar2006@yahoo.com>
Subject: SAMPLES
Attachment: SamplesSpecification0908999.zip (contains "Samples&Specification0908999.bat")

AgentTesla SMTP exfil server:
mail.ejitech.com.ng:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Hosts.47613.20169.5803.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-05-23 12:36:36 UTC
File Type:
Binary (Archive)
Extracted files:
3
AV detection:
23 of 48 (47.92%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip b5c4747d9d0259bd984a9d795eb779b0e3d97ee737d929ece008622c9b83e29d

(this sample)

AgentTesla

Executable exe 7f739c5eac76d496c71d9a0b24abe3d9990adb95321a1145eff1f3e68e3c4745

  
Dropping
MD5 d1895454be39ed5a9645918b2ea267e6
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7f739c5eac76d496c71d9a0b24abe3d9990adb95321a1145eff1f3e68e3c4745

Comments