MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e74b54aaa7439a5365f5a3a1b1c23b5ed542eacb78f1db095424b4d1b5bca72b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 3

SHA256 hash: e74b54aaa7439a5365f5a3a1b1c23b5ed542eacb78f1db095424b4d1b5bca72b
SHA3-384 hash: dd97b8c9f46f38749d3ce6bbf340f9c35d99b8252ae03d03af259427f8a45873a7b7d900449e5b1d521d6b0fe8848b7a
SHA1 hash: d524831841ed340cb9b8c81209fae48d693baab1
MD5 hash: 1224419c869cad66c1138ad222ca7799
humanhash: magazine-mars-victor-mockingbird
File name: PURCHASEORDER.rar
Signature: AgentTesla
File size: 950'985 bytes
First seen: 2020-06-11 05:29:56 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 24576:X+Zs45HaxvfaQOptO9HlN9seimPiL8EaVohGZb:XGs4kxOtyHlHsVmPiLAVoOb
TLSH: DA1533D69DB047E35AD4C41D018EAACDEB3E258C4FB0E57588991F03E9606BB3778B18
Reporter: abuse_ch
Tags: AgentTesla, rar


abuse_ch
Malspam distributing AgentTesla:

HELO: cloudserver1.villarambuttri.com
Sending IP: 128.199.93.242
From: EUROPA ELECTRONICS<Jaapp4@rbt.co.th>
Subject: enquiry
Attachment: PURCHASEORDER.rar (contains "PURCHASEORDER.exe")

AgentTesla SMTP exfil server:
mail.panchavatihotels.com:587
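The indicators in the report above (HELO name, sending IP, sender domain, subject, attachment name, sample hashes and the SMTP exfiltration server) turned into a small triage helper for an inbound mail and for outbound connection logs. This is an added example and is not part of the MalwareBazaar entry or of abuse.ch's tooling. The Received: header, the firewall-style log lines and the mail body are constructed for the example, the attachment bytes are a placeholder (so the hash indicator will not fire on them), and the HELO/From-domain mismatch check is a heuristic of my own, not an indicator from the entry.

```python
"""Triage helpers built from the IOCs reported in this MalwareBazaar entry.

Added example; the log and mail formats below are constructed, not real.
"""
import email
import email.utils
import hashlib
import re

# Indicators copied from the entry (the ssdeep/TLSH values need extra libraries
# and are left out).
SAMPLE_HASHES = {
    "sha256": "e74b54aaa7439a5365f5a3a1b1c23b5ed542eacb78f1db095424b4d1b5bca72b",
    "sha1": "d524831841ed340cb9b8c81209fae48d693baab1",
    "md5": "1224419c869cad66c1138ad222ca7799",
}
MALSPAM = {
    "helo": "cloudserver1.villarambuttri.com",
    "sending_ip": "128.199.93.242",
    "from_domain": "rbt.co.th",
    "subject": "enquiry",
    "attachment": "PURCHASEORDER.rar",
}
EXFIL_HOST, EXFIL_PORT = "mail.panchavatihotels.com", 587

# "from <helo> (<rdns> [<ip>])" as written by a typical MTA into Received:.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\([^)]*\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def file_hashes(data: bytes) -> dict:
    """MD5, SHA1 and SHA256 of an attachment, the digests this entry lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def is_known_sample(data: bytes) -> bool:
    """True if any digest matches the entry (SHA256 alone would be enough)."""
    hashes = file_hashes(data)
    return any(hashes[name] == value for name, value in SAMPLE_HASHES.items())


def triage_mail(raw_message: str, attachment_name: str, attachment: bytes) -> list:
    """Return the names of the indicators that fire on one inbound mail."""
    msg = email.message_from_string(raw_message)
    hits = []
    helo, ip = None, None
    # The first Received: header is the one our own MTA wrote, so its HELO and
    # peer IP are the only ones the sender could not forge.
    for rcvd in msg.get_all("Received", []):
        m = RECEIVED_RE.search(rcvd)
        if m:
            helo, ip = m.group(1).lower(), m.group(2)
            break
    if helo == MALSPAM["helo"]:
        hits.append("helo")
    if ip == MALSPAM["sending_ip"]:
        hits.append("sending_ip")
    sender = email.utils.parseaddr(msg.get("From") or "")[1].lower()
    from_domain = sender.rpartition("@")[2]
    if from_domain == MALSPAM["from_domain"]:
        hits.append("from_domain")
    # Heuristic (assumption, not an IOC from the entry): the HELO host and the
    # From: domain belong to unrelated organisations, as in the reported mail.
    if helo and from_domain and not (helo == from_domain or helo.endswith("." + from_domain)):
        hits.append("helo_from_mismatch")
    if (msg.get("Subject") or "").strip().lower() == MALSPAM["subject"]:
        hits.append("subject")
    if attachment_name == MALSPAM["attachment"]:
        hits.append("attachment_name")
    if is_known_sample(attachment):
        hits.append("attachment_hash")
    return hits


# Constructed firewall-style line format: "... host=<name> dst=<fqdn> dport=<n>".
CONN_RE = re.compile(r"host=(\S+)\s+dst=(\S+)\s+dport=(\d+)")


def exfil_connections(log_lines) -> list:
    """Endpoints that connected to the SMTP exfil server named in the entry."""
    hosts = []
    for line in log_lines:
        m = CONN_RE.search(line)
        if m and m.group(2).lower() == EXFIL_HOST and int(m.group(3)) == EXFIL_PORT:
            hosts.append(m.group(1))
    return hosts


# Constructed inputs mirroring the reported mail; the attachment bytes are a
# placeholder, so only the header- and name-based indicators fire on them.
SAMPLE_MAIL = """\
Received: from cloudserver1.villarambuttri.com (cloudserver1.villarambuttri.com [128.199.93.242])
\tby mx.example.net with ESMTP; Thu, 11 Jun 2020 05:29:00 +0000
From: EUROPA ELECTRONICS <Jaapp4@rbt.co.th>
Subject: enquiry

Please see the attached purchase order.
"""
SAMPLE_LOGS = [
    "2020-06-11T05:40:12Z host=WS-042 dst=mail.panchavatihotels.com dport=587 proto=tcp",
    "2020-06-11T05:41:03Z host=WS-017 dst=smtp.example.net dport=587 proto=tcp",
]

if __name__ == "__main__":
    print(triage_mail(SAMPLE_MAIL, "PURCHASEORDER.rar", b"not the real sample"))
    print(exfil_connections(SAMPLE_LOGS))
```

In a real deployment the hash check is the only indicator that survives trivial changes by the sender (a new HELO host, subject or file name costs nothing), while the outbound connection to mail.panchavatihotels.com:587 is the indicator worth alerting on from the network side, since AgentTesla has to reach that server to deliver what it stole. The example does not open the RAR archive; checking that it contains PURCHASEORDER.exe needs a RAR-capable library.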

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.AitInject
Status: Malicious
First seen: 2020-06-11 05:31:04 UTC
AV detection: 22 of 48 (45.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
rar e74b54aaa7439a5365f5a3a1b1c23b5ed542eacb78f1db095424b4d1b5bca72b (this sample)
    Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments