MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d919c2a725bffb90f52e885f283af81c2a2a06ff9c75257c039995d1e2cb9fe0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d919c2a725bffb90f52e885f283af81c2a2a06ff9c75257c039995d1e2cb9fe0
SHA3-384 hash: cafacf6b487f14c85b5696a57ed82c5c19128c1e042a9100e11aa44bde4d079de67190dd05655661b530ecc788fbb101
SHA1 hash: a943baf2bfdb30e1780e378f66ccc23cb38230a4
MD5 hash: ea6bfca29e3109251612614ed8bef35d
humanhash: glucose-wyoming-floor-mexico
File name:specification.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:413'988 bytes
First seen:2020-08-08 07:51:58 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:gay1AHepXntX7tWt8Ou/9fMsDNF3/kfBarC:g1A+pXnRt79fTp5cfEG
TLSH 3D94238F6CA5A9F5AA47F0F710543140F8B5495B48FD22FA234D2F19784863E8EC8D2E
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: neccodoha.com
Sending IP: 95.211.208.58
From: VISHNU SANKAR <project@neccodoha.com>
Reply-To: project@neccodoha.com
Subject: Request for Quotation for Boundary Fence CLEARVU (1.8m Height) including Castle Spikes
Attachment: specification.rar (contains "specification.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d919c2a725bffb90f52e885f283af81c2a2a06ff9c75257c039995d1e2cb9fe0/
Threat name:
ByteCode-MSIL.Trojan.Masslogger
Create hunting rule
Status:
Malicious
First seen:
2020-08-08 07:53:08 UTC
AV detection:
15 of 28 (53.57%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3em4fjzfx75zb5jorbpsqoxydqvcubx7tr2sk7adtgk5dywlt7qa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/d919c2a725bffb90f52e885f283af81c2a2a06ff9c75257c039995d1e2cb9fe0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar d919c2a725bffb90f52e885f283af81c2a2a06ff9c75257c039995d1e2cb9fe0

(this sample)

AgentTesla

Executable exe 05ca2e91487fabbc48268832f39819dd0bc562b8cd4c3561585f45eb3ed6e683

  
Dropping
MD5 d6eb8a6df5873888e78226f1f97889bc
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 05ca2e91487fabbc48268832f39819dd0bc562b8cd4c3561585f45eb3ed6e683

Comments