MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cd15d7610dbf06c140b899c653710162f4f760d5deb88145e753d8ced323f9b9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 2

SHA256 hash: cd15d7610dbf06c140b899c653710162f4f760d5deb88145e753d8ced323f9b9
SHA3-384 hash: 8cc811e19a921dc8a45b4f13e0fff0054817d9f0e54fd219bb80d01faa05f971b2765bba041d37552927529c0a2533a5
SHA1 hash: dc2388a6ec9cfe982a0bffc3f543939dbb6f2e53
MD5 hash: 77201bf5a66aa52708891478e00a2ed8
humanhash: bulldog-undress-berlin-batman
File name: NEW USD SWIFT _SCAN TT 190617_2019-NLCIV000003576_ES146009_30309679.z
Signature: AgentTesla
File size: 408'450 bytes
First seen: 2020-05-24 07:20:33 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 6144:kJIg/3ea4fWKvhyOuTdSxuMeqyxHXaZqGHq1rVTS+iEjrVIVo2Jmff+:6IA3G+KoO8Q4Mk3aZqGUo5EfbmmfW
TLSH: 5D9423E0BF09A36BD7A58CACDE590E2CF2398B1C6797F7E6C62004C154566363F49178
Reporter: abuse_ch
Tags: AgentTesla, z


Comment from abuse_ch:
Malspam distributing AgentTesla:

HELO: lasfragancias.com
Sending IP: 200.110.77.218
From: Vakifleasing <info@barbieri-belts.com>
Subject: AW: swift
Attachment: NEW USD SWIFT _SCAN TT 190617_2019-NLCIV000003576_ES146009_30309679.z (contains "NEW USD SWIFT _SCAN TT 190617_2019-NLCIV000003576_ES146009_30309679.exe")

AgentTesla SMTP exfil server:
ftp.connectus-trade.net:21

Intelligence

File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Agensla
Status: Malicious
First seen: 2020-05-24 07:35:48 UTC
File Type: Binary (Archive)
Extracted files: 3
AV detection: 14 of 30 (46.67%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
z cd15d7610dbf06c140b899c653710162f4f760d5deb88145e753d8ced323f9b9 (this sample): Dropping AgentTesla
Delivery method: Distributed via e-mail attachment