MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fd5e31dbca53b624ebc1b148be20dc49095914002ff2537b6498b514596c7ad0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fd5e31dbca53b624ebc1b148be20dc49095914002ff2537b6498b514596c7ad0
SHA3-384 hash: 87d652e198ddf4c17d39ff9404be4fbc8c22ca6ce0eb3b3d741473188c3fefa37f045ffc4cf009de0b251ee811f9db30
SHA1 hash: d0b0f173e79f4fb1fc2bee079ec443185d48c2b0
MD5 hash: a71e5939eaab5b64ae0caa77fd6e5ca1
humanhash: fanta-table-pluto-seven
File name:New PO........pdf.r11
Download: download sample
Signature AgentTesla
Create hunting rule
File size:456'584 bytes
First seen:2020-05-26 07:58:33 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:avCM9ui0n92UdwcfOfHNOGy0yqb8MqasOJmBi308WOb8Wyj8b3CFOdIGdBVfILQF:onsiG1VfO/NM0aMqa53+OUj8he9odP
TLSH ACA423E16420610FC69D803CC260D69CC8C7D078F6F5424DFBF61B9A562A47DEBBE592
Reporter abuse_ch
Tags:AgentTesla r11


Avatar
abuse_ch
Malspam distributing AgentTesla:

From: Camen Lopez <carlosg@tbadespachantes.com.ar>
Subject: Re: New PO#676863
Attachment: New PO........pdf.r11 (contains "New PO.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Crysan
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 08:37:13 UTC
File Type:
Binary (Archive)
Extracted files:
14
AV detection:
15 of 30 (50.00%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar fd5e31dbca53b624ebc1b148be20dc49095914002ff2537b6498b514596c7ad0

(this sample)

AgentTesla

Executable exe 39492ca7d000a28c93084709bacf6b19357e7d79a67b3223ae2c7477bc574aa2

  
Dropping
MD5 a4352d77906441a3cd97c7d30c7e580b
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 39492ca7d000a28c93084709bacf6b19357e7d79a67b3223ae2c7477bc574aa2

Comments