MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f95a848ebab7a30306782b38e1e33f097bf0478b789b479600b5cb3e5666af04. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f95a848ebab7a30306782b38e1e33f097bf0478b789b479600b5cb3e5666af04
SHA3-384 hash: 4c7befc460f9cb225c0afe6585220f5fbc2a250dfccfa5e0b3087e4fe43b8a115764f5feba03d16b7ac51a37615a5f80
SHA1 hash: a312072ce897601236f467eb7e696a4b3e58983a
MD5 hash: 9b36aaf083320b82fb94fa1630ab82cf
humanhash: alpha-happy-lake-tennessee
File name:SCAN_NEW-ORDER98375746_Pdf.lz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'268'304 bytes
First seen:2020-05-06 17:57:48 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 24576:SoRFZHk4YCPaggM5y5pi41m+oEMv3M8+U9IOy:p5k4YCtd05041zo1z+UK3
TLSH 5345332CC1A24A9E887D34E78D196D9553F00C21FB60F09293EEE75D6CB56A1C13E8DB
Reporter abuse_ch
Tags:AgentTesla lz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.stpt.ro
Sending IP: 91.213.11.190
From: Eric Guo <stefan@stpt.ro>
Subject: Re:New Order-may
Attachment: SCAN_NEW-ORDER98375746_Pdf.lz (contains "SCAN_NEW-ORDER98375746_Pdf.exe")

AgentTesla SMTP exfil server:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-06 18:36:47 UTC
File Type:
Binary (Archive)
Extracted files:
17
AV detection:
16 of 31 (51.61%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7fnijdv2w6rqgbtyfm4odyz7bf57ar4lpcnupfqawxft4vtgv4ca._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar f95a848ebab7a30306782b38e1e33f097bf0478b789b479600b5cb3e5666af04

(this sample)

AgentTesla

Executable exe 2e3bcf02a428640a05bb5a983a4ac9e562bb5d3da09365d6614a6fd2f5b8690c

  
Dropping
MD5 682cacd10e9099d8b0ff3ad236357aab
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2e3bcf02a428640a05bb5a983a4ac9e562bb5d3da09365d6614a6fd2f5b8690c

Comments