MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d502db5394201ce5f4220e59840636c83c4633577d7606d202d790427b0e5a9f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d502db5394201ce5f4220e59840636c83c4633577d7606d202d790427b0e5a9f
SHA3-384 hash: 57e58ab4c5cd212074057f5ab4aa8d10a901ded7cb258ccf436f807a312b4fe266a4507e5d7101a4130b08175ff6d390
SHA1 hash: 5f31ca3478bbb28595eeca9f25f397cde62c9978
MD5 hash: 1e142e59d87008f761fb8c39efa99c9e
humanhash: batman-yellow-september-quiet
File name:AWB Invoice.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:403'233 bytes
First seen:2020-08-14 08:30:11 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:LAi7CGgOYfCLRIYmEAfvRJz63XJft/g0Omw7j40xg90jY+sFQcPSc4:siGGgZCLREnRFSfRgjmw7dxM0j3N2U
TLSH 79842358A23B697352D82B180BE6ED65D9627D300C3CB1E9F675A4EFE691EB0D0F0D04
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: coscon.com
Sending IP: 95.211.208.58
From: Yang Zhijian <cs_heaq@coscon.com>
Reply-To: y.ang_zhijian@coscon.com
Subject: COSCO SHIPPING LINES CO.,LTD
Attachment: AWB Invoice.rar (contains "AWB & Invoice.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27502.Rar5Heur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d502db5394201ce5f4220e59840636c83c4633577d7606d202d790427b0e5a9f/
Threat name:
ByteCode-MSIL.Trojan.FormBook
Create hunting rule
Status:
Malicious
First seen:
2020-08-14 02:30:55 UTC
AV detection:
17 of 29 (58.62%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2ubnwu4ueaool5bcbzmyibrwza6emm2xpv3anuqc26iee6yolkpq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/d502db5394201ce5f4220e59840636c83c4633577d7606d202d790427b0e5a9f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar d502db5394201ce5f4220e59840636c83c4633577d7606d202d790427b0e5a9f

(this sample)

AgentTesla

Executable exe 270f03b20754cf26fb20202bb406bb4ecec144718a0850b7e926d0f25d705829

  
Dropping
MD5 524cf523b9c117f02575603dba5d4e50
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 270f03b20754cf26fb20202bb406bb4ecec144718a0850b7e926d0f25d705829

Comments