MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e641e8bd86da39f9c04ad13672bb2f84a29207cf09b3f7ede7eeb26b24e75a88. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e641e8bd86da39f9c04ad13672bb2f84a29207cf09b3f7ede7eeb26b24e75a88
SHA3-384 hash: a953f1527098db7a0c7e4b650aebfde719f550319b2c6ce978519dfcd4cebfef36d2a246b38d490efbe8fee8f11c377d
SHA1 hash: a02e43c6b2cf0d0d2d773cd4ede0a4ffd51cdd09
MD5 hash: d7fa44af0dde9bd3f7f7734da79874e4
humanhash: jupiter-avocado-hamper-september
File name:MAY STATEMENT.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:362'598 bytes
First seen:2020-06-12 06:43:38 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:y1ujdwO7CdPeMx3gxefdEnmHw+pAByAWlYxAAwaxRPevzhVHtX5ad5FCFY:M26ReUlEmHwQvAWixAzafmVxtta
TLSH 097423A4B137A5FA91D033B65B4E5C493CB6F54C2CEF54E0B4501C81A8CCDAEB5BC62A
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: locking-assemblies.cn
Sending IP: 95.211.208.25
From: Cassie Chen<sales@locking-assemblies.cn>
Reply-To: Cassie Chen<nicolasdiegonicolas@gmail.com>
Subject: RE : STATEMENT FOR THE MONTH OF MAY 2020
Attachment: MAY STATEMENT.rar (contains "MAY STATEMENT.exe")

AgentTesla SMTP exfil server:
smtp.bapipl.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-06-12 06:45:11 UTC
AV detection:
5 of 48 (10.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=4za6rpmg3i47tqck2e3hfozpqsrjeb6pbgz7p3ph52zgwjhhlkea._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar e641e8bd86da39f9c04ad13672bb2f84a29207cf09b3f7ede7eeb26b24e75a88

(this sample)

AgentTesla

Executable exe baf91cfaa5695565da625a4b9e038ccb2a33dc1826e8d4b3dc274fd098e5e524

  
Dropping
MD5 7d551a93ed1dacf775e212a6465ccdad
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 baf91cfaa5695565da625a4b9e038ccb2a33dc1826e8d4b3dc274fd098e5e524

Comments