MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fbc8dba1530fc97641ea12564e8c6738d47e21e2e5c9f3213bbe6ebba7c27a55. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fbc8dba1530fc97641ea12564e8c6738d47e21e2e5c9f3213bbe6ebba7c27a55
SHA3-384 hash: 1473cda6f800c24afdef80e330684b72fcfb8df237ec5d071267eddcd50b59a2187500599b1a1093bfb9a4fe981803aa
SHA1 hash: 88ea306d71912b6680cf888e0559ab179a925b27
MD5 hash: e642e0e73e7286ad812047f0773c1559
humanhash: oxygen-king-nebraska-bravo
File name:Emergency Situation Surcharge Update.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:552'157 bytes
First seen:2020-07-09 14:30:45 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:Egj25BETcPJ/HqAa/Tr80KHGMh83/y82EFoxpdT:EaCukJ/x0HK233QT
TLSH 1BC42365F6034A03B768E6FB234181C90517AFBB05C69BA4455C0DA6FC7CB4A4DB3ACB
Reporter abuse_ch
Tags:AgentTesla DHL rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: dhl-news.com
Sending IP: 209.58.149.66
From: DHL Express Courier <support@dhl-news.com>
Subject: Emergency Situation Surcharge Update
Attachment: Emergency Situation Surcharge Update.rar (contains "Emergency Situation Surcharge Update.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fbc8dba1530fc97641ea12564e8c6738d47e21e2e5c9f3213bbe6ebba7c27a55/
Threat name:
ByteCode-MSIL.Trojan.Masslogger
Create hunting rule
Status:
Malicious
First seen:
2020-07-09 14:32:07 UTC
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7penxiktb7exmqpkcjle5ddhhdkh4ipc4xe7gij3xzxlxj6cpjkq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar fbc8dba1530fc97641ea12564e8c6738d47e21e2e5c9f3213bbe6ebba7c27a55

(this sample)

AgentTesla

Executable exe 54e5bf28236990158619205ebf0163d410eba535de8c3297b5fcd07921d2fec1

  
Dropping
MD5 cf7a41ec6836313be154256346c8be42
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 54e5bf28236990158619205ebf0163d410eba535de8c3297b5fcd07921d2fec1

Comments