MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bd959e99218acfb6a92cd1eaffa887f1ef5864c13559d65b23f13fc506f4db41. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bd959e99218acfb6a92cd1eaffa887f1ef5864c13559d65b23f13fc506f4db41
SHA3-384 hash: b076db1049c3734d1c66a36104a2d6a085eb2a4f07ff7c2cf0dfd467d32fee3b216b51522b81049412b2d595915d85d5
SHA1 hash: e3a379c1c693803a461f508cc2fe69cc5eb8500a
MD5 hash: 78a87f78ae8ae0e39968f212030024f5
humanhash: yellow-november-whiskey-equal
File name:scanned cheque.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:381'393 bytes
First seen:2020-07-07 05:40:49 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:eVqUtMDaiZJe1KgzyH9KQ1pv8KBrU6mGoNMrGEtt5tjxDqs1TX5lujwBWfppfp:aqCf2Je69KQT8oQ69MWGEtt5RTXejIgx
TLSH AC842374F7A41F9F2A4AC06DF7BA52AD6A79EC9C011D020776C7106F845102F1A6F9DC
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mx.tkb.pl
Sending IP: 89.161.65.153
From: Dolj frf <dolj@frf-ajf.ro>
Reply-To: railtrexc@gmail.com
Subject: Bank Cheque Invoice
Attachment: scanned cheque.rar (contains "scanned cheque.exe")

AgentTesla FTP exfil server:
ftp.ciftci.com.tr:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bd959e99218acfb6a92cd1eaffa887f1ef5864c13559d65b23f13fc506f4db41/
Threat name:
ByteCode-MSIL.Backdoor.Negasteal
Create hunting rule
Status:
Malicious
First seen:
2020-07-07 05:37:31 UTC
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xwkz5gjbrlh3nkjm2hvp7keh6hxvqzgbgvm5mwzd6e74kbxu3naq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar bd959e99218acfb6a92cd1eaffa887f1ef5864c13559d65b23f13fc506f4db41

(this sample)

AgentTesla

Executable exe b55e856692daa6a9b51b3e8e5ca4ef2d78721fabd66d99b181509736a36d0c72

  
Dropping
MD5 c1dc3115fb5af29c1cedcc7cbc953d18
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b55e856692daa6a9b51b3e8e5ca4ef2d78721fabd66d99b181509736a36d0c72

Comments