MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fe95b8e22f7ed52665da4f9317a8a128470052a172513f89cd5c33f7dadc3965. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fe95b8e22f7ed52665da4f9317a8a128470052a172513f89cd5c33f7dadc3965
SHA3-384 hash: fbbeb538a636c93d163e40ea8e62b85ce6279fe407775d3737ddea8b93c230fff8ae054b7ba5e403309c489a4b929c89
SHA1 hash: 0db6e50406e11566cb4f26220484de4aceee70b0
MD5 hash: 6abb23580badf0e8d9dd3aa6bb3a2347
humanhash: moon-golf-carolina-avocado
File name:BalPO21504.pdf.arj
Download: download sample
Signature AgentTesla
Create hunting rule
File size:387'928 bytes
First seen:2020-05-27 18:04:29 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:5xA/IISCnwkb3e++wh2TOM3alwbI02S49qp5NBRZ0dieLQgCYrt/EUJwpHPMbBWY:5xywkDe++LCJwB2S4C5NBROdieLQgCYb
TLSH 3C8423AD61103E2149D3787E84892D838B8A774BDF65D310BCBC2185BF7F96EE16184E
Reporter abuse_ch
Tags:AgentTesla arj


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: newton.gogohost.com
Sending IP: 195.154.39.118
From: Isabella Chan <info@falconmotorseg.com>
Subject: RE: Shipment Documents-PO# 21504 DF19347
Attachment: BalPO21504.pdf.arj (contains "BalPO21504pdf.exe")

AgentTesla SMTP exfil server:
secure231.servconfig.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.fc.31349.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Crysan
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 18:37:53 UTC
AV detection:
23 of 48 (47.92%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip fe95b8e22f7ed52665da4f9317a8a128470052a172513f89cd5c33f7dadc3965

(this sample)

AgentTesla

Executable exe 31f91924abcb4657d19721140bb21db8b517dc6a48830c7c5dc53d819c507248

  
Dropping
MD5 26b4ecd94509e28f4ae0fadc37982a24
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 31f91924abcb4657d19721140bb21db8b517dc6a48830c7c5dc53d819c507248

Comments