MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d5745a3e8a6ab9a8abdc4882caad9afcab6127c1451fa5f32ffa34274616d2a5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 3

SHA256 hash: d5745a3e8a6ab9a8abdc4882caad9afcab6127c1451fa5f32ffa34274616d2a5
SHA3-384 hash: 760736c2389e2d1ac277218324a69ace6cf50263bc504578e0842e4a759e9b9c60def72b9b69dbfc7936fe02b83d4035
SHA1 hash: 4a0145ba23b9c9af2d9a4dcabe2595bd7477734b
MD5 hash: 876bc69adddd822783e57c053fb7c55e
humanhash: don-romeo-cardinal-triple
File name: Ord1506 Vn.CAB
Signature: AgentTesla
File size: 952'902 bytes
First seen: 2020-06-15 13:51:24 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:8cFe/SMQNvKYev6cuC/Y08wIeagEdOjzHmJWHxr:7A/qNyYesX08wIOjzHmkN
TLSH: 6D15332D01B7EC26BCC980F4429B6DF2BB25D97BEAD9E77308D0659642835BC902D374
Reporter: abuse_ch
Tags: AgentTesla cab


abuse_ch
Malspam distributing AgentTesla:

HELO: vietstar.com.vn
Sending IP: 103.226.248.192
From: info@vietstar.com.vn
Reply-To: info@vietstar.com.vn
Subject: INQUIRY FROM VIETSTAR(ord 1506)
Attachment: Ord1506 Vn.CAB (contains "Ord1506 Vn.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a

Vendor Threat Intelligence
Threat name: Script-AutoIt.Trojan.Injector
Status: Malicious
First seen: 2020-06-15 13:53:03 UTC
AV detection: 19 of 48 (39.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery chain: Malspam -> AgentTesla -> zip d5745a3e8a6ab9a8abdc4882caad9afcab6127c1451fa5f32ffa34274616d2a5 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments