MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eb635362c4ed8715d7b15409b4e2ee86acc36e5201a6baf59fc9b1f252a3b7ea. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: eb635362c4ed8715d7b15409b4e2ee86acc36e5201a6baf59fc9b1f252a3b7ea
SHA3-384 hash: 2a1c1efa1d126c2b16d0c832d1fd81b0d00d1f7a7b78f67b804eac675beb5c50b6c292f83d0632e387712ea15c8952c0
SHA1 hash: 536dc08278aaeb966f4401c48565c00bab05225b
MD5 hash: db91f59bfc59629ac9cc8b6858f019e0
humanhash: alanine-angel-robin-river
File name:INVOICE.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'087'120 bytes
First seen:2020-05-24 08:01:56 UTC
Last seen:2020-05-24 08:11:12 UTC
File type: rar
MIME type:application/x-rar
ssdeep 24576:ZeJfAe3FGP5sXVlQoJF2cNSljNJ0UCVC+bcf3kJwJuaNSwT7:wXUP5ZoJF2cNSlJJCA+A/kJwMja7
TLSH 0C3533B93E89672FB64F287419F847506A75436F1B3ED030E6E26E86D3C09A76303E51
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: timberartdesign.com
Sending IP: 103.99.1.173
From: "Marketing Manager"<mkt@timberartdesign.com>
Subject: BEST RATE FOR THIS NEW SHIPPMENT
Attachment: INVOICE.rar (contains "INVOICE.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads :
2
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-24 08:35:29 UTC
File Type:
Binary (Archive)
Extracted files:
12
AV detection:
17 of 48 (35.42%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar eb635362c4ed8715d7b15409b4e2ee86acc36e5201a6baf59fc9b1f252a3b7ea

(this sample)

AgentTesla

Executable exe 892dabc0bda34c580ef8124ddc7b02ae6afc32edf84f351d6504aafa4d21c917

  
Dropping
MD5 86414b23f95a2b05cee1c7fcaf88d358
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 892dabc0bda34c580ef8124ddc7b02ae6afc32edf84f351d6504aafa4d21c917

Comments