MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fd5f9a69ae7faa15be34b5794970320bcdbc5d9da85e22d82351173b2fb1f2ce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fd5f9a69ae7faa15be34b5794970320bcdbc5d9da85e22d82351173b2fb1f2ce
SHA3-384 hash: b5c55f1a978eb7d3bd64f6287d8d4193ca97970ac79fc2ab3d15b27399cb9ff29b52459f1757a21869cd76c62ee012e2
SHA1 hash: 0e8c79824ffd1a0779086689be6c7821624d3df5
MD5 hash: e9fecf5b6020a2480ba29be7b81bf791
humanhash: enemy-fish-rugby-yankee
File name:ORDER 564637.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'075'831 bytes
First seen:2020-05-28 08:38:28 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 24576:pkO2A/KoJHD7nxkNVOip6q4Mh3opNiebIKIPpZ9gFb:zTJH/6N76vMh3opNhIFPpZ9gB
TLSH 1035331D73644F8FBCA073D8292D6FED518358CCC8A7C26A931A52D759D0339BBA7488
Reporter jarumlus
Tags:AgentTesla rar


Avatar
jarumlus
Malspam distributing AgentTesla:

HELO: secomtech.org
Sending IP: 103.99.1.173
From: SECOMTECH SOLUTIONS<veeresh@secomtech.org>
Subject: RE: PRODUCT INQUIRY
Attachment: ORDER 564637.rar (contains "ORDER 564637.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 09:36:20 UTC
File Type:
Binary (Archive)
Extracted files:
12
AV detection:
27 of 48 (56.25%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar fd5f9a69ae7faa15be34b5794970320bcdbc5d9da85e22d82351173b2fb1f2ce

(this sample)

AgentTesla

Executable exe 878721df406a2708679b07f9f1f596030c99756bd812e613b3535be3cf314432

  
Delivery method
Distributed via e-mail attachment
  
Dropping
MD5 236721924fea0ff73da99e59ae30ca26
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 878721df406a2708679b07f9f1f596030c99756bd812e613b3535be3cf314432

Comments