MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df8493376447c1a63980f123a63223c7ab873ff92a9fcefd8fe2cf9e60695af7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: df8493376447c1a63980f123a63223c7ab873ff92a9fcefd8fe2cf9e60695af7
SHA3-384 hash: e630410a57680d6760e20455f26c0b5ecaf690d5344a9b835e6d381a0be8fa16903e8127b6e5376c8031a16f83866c9f
SHA1 hash: d89499df0290c265b4d0016cbb827d02b6427919
MD5 hash: 41e71f8736a2b88fa215486e2c59fc40
humanhash: robin-bulldog-juliet-neptune
File name:NEWORDER.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:362'394 bytes
First seen:2020-05-19 05:58:07 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:x88vFc6m5KhWnE4N8CDpjYzAKF2xznJofz3h/HpSTpVCaBnnyNzCklrrELxLdBa:x8Kc6aEQ8CNE7F2xrJofzRw1MMnyQktb
TLSH 947423EEF3FEABDB862364D6553A10B2616C541F8495A03BC757674912C9C8B303BA0E
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.nevasys.com
Sending IP: 81.23.104.214
From: KIM <info@toyohashi.ed.jp>
Reply-To: abs000010@outlook.com
Subject: New Order Request
Attachment: NEWORDER.rar (contains "NEWORDER.exe")

AgentTesla SMTP exfil server:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Dothetuk
Create hunting rule
Status:
Malicious
First seen:
2020-05-19 14:26:21 UTC
File Type:
Binary (Archive)
Extracted files:
3
AV detection:
17 of 48 (35.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=36cjgn3ei7a2moma6er2mmrdy6vyop7zfkp457mp4lhz4ydjll3q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar df8493376447c1a63980f123a63223c7ab873ff92a9fcefd8fe2cf9e60695af7

(this sample)

AgentTesla

Executable exe bca2dfcc165159c1432087a9adf1921baf2f53dd52b69be50e5cf400f4c0cd8d

  
Dropping
MD5 4dc4febea8bcf61b80a4068bcc7d7264
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 bca2dfcc165159c1432087a9adf1921baf2f53dd52b69be50e5cf400f4c0cd8d

Comments