MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e5bd1bb84b6ad7a06e2df0270d109bd3a05cb7e5af437153394569b5bdae1590. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e5bd1bb84b6ad7a06e2df0270d109bd3a05cb7e5af437153394569b5bdae1590
SHA3-384 hash: 8f59c9ffdb206ee8f090b091635e4bc5853e35f73d2903c25d8e29d9d94dc71c1ce4801441763e8bd78f756c32fb04eb
SHA1 hash: bb91797df9f07168674ea5dacc4a9d959c44d1b5
MD5 hash: e0faac17233a7f3589ca45a01b09e920
humanhash: pasta-september-hydrogen-early
File name:PO2107020.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:804'033 bytes
First seen:2020-07-21 06:25:05 UTC
Last seen:2020-07-21 06:28:24 UTC
File type: rar
MIME type:application/x-rar
ssdeep 12288:rTdVBKZQidKzHJhR6COHvi49BVGWJ6+gkmTtfS3qtcEPKUJ6o/ROnDC7uOdcDBfl:rTrhphRdOHvj9BKHkmTzriJW0DjNDPFP
TLSH 59053387AFE353D0C742B7D306CD72D63BE56894BFA948B9E0C744209F1BD5186824BA
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.pt-gbi2.com
Sending IP: 202.93.228.123
From: yani_mi a. angel <yani_mi@pt-gbi2.com>
Subject: Order No. 406/22 of 21/07/2020
Attachment: PO2107020.rar (contains "PO#2107020 P2.bat")

AgentTesla SMTP exfil server:
mail.aylaalgan.com.tr:587

AgentTesla SMTP exfil email address:
info@aylaalgan.com.tr

Intelligence

File Origin
# of uploads :
2
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e5bd1bb84b6ad7a06e2df0270d109bd3a05cb7e5af437153394569b5bdae1590/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-21 06:26:10 UTC
AV detection:
25 of 48 (52.08%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=4w6rxoclnll2a3rn6atq2ee32oqfzn7fv5bxcuzzivu3lpnocwia._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e5bd1bb84b6ad7a06e2df0270d109bd3a05cb7e5af437153394569b5bdae1590

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar e5bd1bb84b6ad7a06e2df0270d109bd3a05cb7e5af437153394569b5bdae1590

(this sample)

AgentTesla

Executable exe 671759b97f6889b6732fb377b5af7ccc9df5e8769c2aa07a371caab68c5639fd

  
Dropping
MD5 de381dc0a74ff81c63f46b70135c8210
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 671759b97f6889b6732fb377b5af7ccc9df5e8769c2aa07a371caab68c5639fd
  
Dropping
SHA256 d8a940109eb53d9f23207bea365e2a265ad1b4ba479821085e7f930629532152
  
Dropping
MD5 c9dc9bc6d7c2cfddd3c442e5f0d3838e

Comments