MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f808324836f1dd7c98cdda6f1f383c52b7059410d1acd4f1386d98d7afbe6a7a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 3

SHA256 hash: f808324836f1dd7c98cdda6f1f383c52b7059410d1acd4f1386d98d7afbe6a7a
SHA3-384 hash: 1aeeeb2d984bd9a82639469ca5e6ebc6fde79b1a0e0a23d7c94be21445f68993b25208392d573342f49b933bf76d5631
SHA1 hash: 5b818d6e72523e074e37eaf0616ef167cc25837b
MD5 hash: 83a34bbf96b783d330643d10d58197a5
humanhash: vermont-oven-jupiter-bulldog
File name: Proforma Invoice IHR20200599497595.pdf.r15
Signature: AgentTesla
File size: 1'197'875 bytes
First seen: 2020-05-04 17:26:28 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 24576:eftzR6NloHB6fE5g2pTPJJ4xtVyzzyjsEPvpfA/Ox0IAsEO4UyPQ:ctzRZ1bktU2RPvpfAsrcOMQ
TLSH: 3C45333329C8DAEDBD495A93BCF04A0BED1349EA5CA8063706D05D98F16F5FF1468A31
Reporter: abuse_ch
Tags: AgentTesla r15


abuse_ch
Malspam distributing AgentTesla:

HELO: henryschein.com
Sending IP: 191.101.130.212
From: Henry Schein Automated Processing <NoReply@henryschein.com>
Reply-To: nofia.putri.siemens.com@bk.ru
Subject: FW: Invalid vendor bank information
Attachment: Proforma Invoice IHR20200599497595.pdf.r15 (contains "Proforma Invoice IHR20200599497595.pdf.exe")

AgentTesla SMTP exfil server:
mail.zarkom.rs:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-04 22:51:00 UTC
File Type: Binary (Archive)
Extracted files: 12
AV detection: 17 of 31 (54.84%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    rar f808324836f1dd7c98cdda6f1f383c52b7059410d1acd4f1386d98d7afbe6a7a (this sample)
      Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment