MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c85db40f5edf7fb409e5a1927f6f95f28691a745ae4785e693500a496ee1426f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c85db40f5edf7fb409e5a1927f6f95f28691a745ae4785e693500a496ee1426f
SHA3-384 hash: 1306e91d3aefc2296af68fe8d80b69c3df8a1221e9a9b52a9c64312833b9f84221fccb3e5ae4b8b5dfaa250572443384
SHA1 hash: 27114dc1f60c69b13636b6ac9b8cffa332848dc2
MD5 hash: 39d8a7d58474a9adbab8f26a51c1ffe4
humanhash: indigo-oscar-magazine-carpet
File name:DOCUMENT.PDF.r00
Download: download sample
Signature AgentTesla
Create hunting rule
File size:413'381 bytes
First seen:2020-05-28 13:57:10 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 6144:argNHDQMSxpwWwIIUjs75whPr7IQ7tHhknDAK4WKq40SDz6g/CzNKftog7v8Sa/S:aKXSx1wfqOc/IQvoOW3wCzNK1v8rq
TLSH F49423F6964929F59ABC71204F0C4E40B2A43C2B18D4BB3BC9AF54268D537D6C74ADB3
Reporter abuse_ch
Tags:AgentTesla DHL r00


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: amprevive.us
Sending IP: 173.82.206.7
From: services@dhl.com <info@amprevive.usf>
Subject: DHL STATEMENT OF ACCCOUNT: OUTSTANDING PAYMENTS
Attachment: DOCUMENT.PDF.r00 (contains "DOCUMENT.exe")

AgentTesla SMTP exfil server:
mail.kalatecnic.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 14:36:10 UTC
File Type:
Binary (Archive)
Extracted files:
11
AV detection:
19 of 48 (39.58%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r00 c85db40f5edf7fb409e5a1927f6f95f28691a745ae4785e693500a496ee1426f

(this sample)

AgentTesla

Executable exe ca1bd575c42ce30ba0cb7bda8abfc2976c3781327c4881830b51dbc88e6eb7de

  
Dropping
MD5 9ee9263383da724d950b4d20344ad1fb
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ca1bd575c42ce30ba0cb7bda8abfc2976c3781327c4881830b51dbc88e6eb7de

Comments