MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c1d48af6c730b8cc010178502fda8e9ec9315e328b0f98954a3ce2a30e1b842c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3

SHA256 hash: c1d48af6c730b8cc010178502fda8e9ec9315e328b0f98954a3ce2a30e1b842c
SHA3-384 hash: 229a3c4ab7e299ab5b8806721aa3bffc7229eae5d2280b9fac562e90a5391f23dcea18a22ff78a8e0ee0d7f9b42e4fcc
SHA1 hash: 9f5f6c5d13c607c66541ca4185fa0599134d9a44
MD5 hash: 973b8f272e05e01fc50cc298dcaf9227
humanhash: vegan-sodium-butter-mike
File name: 000995664600.00 COPY.r00
Signature: AgentTesla
File size: 344'374 bytes
First seen: 2020-07-10 10:22:26 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 6144:8FOOUZliEtJbFoe+YL42Y7uOouvChwZzjvp/qc5hOa4DHwFnelOtb8k:8GjtJZotYPYr6hCNjOa4OnW6
TLSH: B07423EC68CB9D79525F28967240E001D8AD7576095202CF0AE23191BBCDEF26E3FE17
Reporter: abuse_ch
Tags: AgentTesla r00


abuse_ch
Malspam distributing AgentTesla:

HELO: asean-pacific.com
Sending IP: 103.207.39.104
From: ACCOUNT ASEAN <apl_finance@asean-pacific.com>
Subject: SWIFT MESSAGE USD : 64600.00 SIGNED CONTRACT IMP/2020010 - SC NO : PLG/PI-102/2020-2021 - PL GLOBAL IMPEX PTE LTD
Attachment: 000995664600.00 COPY.r00 (contains "000995664600.00 COPY.exe")

AgentTesla SMTP exfil server:
mail.wasstech.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Agensla
Status: Malicious
First seen: 2020-07-10 10:24:05 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery method: Malspam (distributed via e-mail attachment)
Malware family: AgentTesla
File: r00 c1d48af6c730b8cc010178502fda8e9ec9315e328b0f98954a3ce2a30e1b842c (this sample)
Dropping: AgentTesla