MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d54ef6703b246c0b7e93701ca2197b75d27e773ead7df752111824f37b3ca85b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 3



SHA256 hash: d54ef6703b246c0b7e93701ca2197b75d27e773ead7df752111824f37b3ca85b
SHA3-384 hash: 2c3487a6209afc4b182641ab398becc0b4b7afd2d661fd818eee608a9baabc37fb3bf13e6608d943a4c73efc5bd2c5f2
SHA1 hash: 9fcf391ab9578def1a3fada33ddfc71bcd1d06f9
MD5 hash: 83ef775a5428298d44da310c0ccd4315
humanhash: ink-don-mockingbird-jig
File name: Bank Detail.rar00
Signature: AgentTesla
File size: 576'716 bytes
First seen: 2020-07-08 16:49:40 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:bXzcQcUIrx9NjXKYc/dL+MTPZpxDD87rLKScULh3fTXFdWg2okWTf+:bncUqLtaLdaMTPxDw7q1UlTFwgRNz+
TLSH: A1C423D6AD7419E02C9D571AE872FFEB264CA874D000FE99C0E78DEA46E47931270D27
Reporter: abuse_ch
Tags: AgentTesla rar00


abuse_ch
Malspam distributing AgentTesla:

HELO: helka.com.hk
Sending IP: 103.207.38.151
From: gz-may.wong@helka.com.hk
Subject: RE:BANK DETAIL
Attachment: Bank Detail.rar00 (contains "Bank Detail.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-08 16:51:06 UTC
AV detection: 9 of 48 (18.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
rar d54ef6703b246c0b7e93701ca2197b75d27e773ead7df752111824f37b3ca85b (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
