MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c44b73f3e7ec22f0d14b53eabdc9e714fab8698a9c77e8e4cf1afc4742d7d14e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c44b73f3e7ec22f0d14b53eabdc9e714fab8698a9c77e8e4cf1afc4742d7d14e
SHA3-384 hash: b9ffcae74781aa8a9aaa6ce30b3b0e297cc9d5929edcc700e4338403d7ca150fe5d52bf77aac5d3850686b8b829a728b
SHA1 hash: 8af7b28033f0bc62486dda1a554a581f8964159c
MD5 hash: 35150714537a87227a902431b50d6d59
humanhash: summer-one-fish-indigo
File name:ADVICE OF DEBIT - BANK CONFIDENTIAL-pdf.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'309'485 bytes
First seen:2020-05-08 09:03:05 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 24576:FFHTJULWA9qWFG3RWKqV1MDe09anStMomSVh4sXMYImEsBdD6ZYCRmvewX:FFHdULWA9qWFyWKqj0Z6JSVhjsaBvz
TLSH 5A5533F22EC774D839D69FE72318DDF452DC6706A2671F81B0AC2F9554AC388A90C91B
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.com
Sending IP: 103.99.1.148
From: Accounts <lequatroglobalsrl@mail.com>
Subject: Fwd: ADVICE OF DEBIT - BANK CONFIDENTIAL
Attachment: ADVICE OF DEBIT - BANK CONFIDENTIAL-pdf.rar (contains "ADVICE OF DEBIT - BANK CONFIDENTIAL-pdf.exe")

AgentTesla SMTP exfil server:
mail.himdiesel.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Script-AutoIt.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-08 09:13:36 UTC
AV detection:
21 of 48 (43.75%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=yrfxh47h5qrpbuklkpvl3sphct5lq2mktr36rzgpdl6eoqwx2fha._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar c44b73f3e7ec22f0d14b53eabdc9e714fab8698a9c77e8e4cf1afc4742d7d14e

(this sample)

AgentTesla

Executable exe 2a26008c70f7ed131cd1b45fd07aa1a843840e47a9d05953a19974d5f0a436dc

  
Dropping
MD5 4689374ea7614f2fa2298584b4253713
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2a26008c70f7ed131cd1b45fd07aa1a843840e47a9d05953a19974d5f0a436dc

Comments