MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d57299499e7243ca395b5545163b78278355f5e4530fb31a943a09084f7e009e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 2



SHA256 hash: d57299499e7243ca395b5545163b78278355f5e4530fb31a943a09084f7e009e
SHA3-384 hash: 0a82000ee1656e97c28af23689a268231141254f912cf114bb0a7e107129900dfeba4f38b13a933c60a2834597337f03
SHA1 hash: 41eb547ed4bce23de6fae0bb21358a37bd3b631d
MD5 hash: 5dff5b2df05012b7b26a466bd7db430c
humanhash: batman-ack-delta-ack
File name: Contractref2020.rar
Signature: AgentTesla
File size: 414'032 bytes
First seen: 2020-06-19 06:54:29 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:9vdRFYSQo6jiHDkQO0WoJ8yfPPxInfo+vtXo2lYj6Nx4/IG+s2kO6tZLDIH/EbJr:9vFYSQohDkvmJ4vS2lYG/sjk6KfyJwUr
TLSH: 439423B5A1BB5028982661F1962531DA93CD6AC393331BC46CDEB5C24B58CCD62FEFC1
Reporter: abuse_ch
Tags: AgentTesla rar


abuse_ch
Malspam distributing AgentTesla:

HELO: smtp.barbadostoday.bb
Sending IP: 77.48.43.64
From: Barbados Today Marketplace <marketplace@barbadostoday.bb>
Reply-To: Env.Nostrum-
Subject: Contract/ref2020/00037
Attachment: Contractref2020.rar (contains "Contractref2020.exe")

AgentTesla SMTP exfil server:
webmail.pat.ps:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar d57299499e7243ca395b5545163b78278355f5e4530fb31a943a09084f7e009e (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments