MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 013f4a997b064b62afbbb31ad5dc00d0fb26652910c26345c965e4b810e8066e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 013f4a997b064b62afbbb31ad5dc00d0fb26652910c26345c965e4b810e8066e
SHA3-384 hash: b933214d75b4c64d0d6f079c8392b4f352e64cbdafa24c1b3e7405422c7cf9386b9dc4976d5e92cce088a79a501606e3
SHA1 hash: a7a02d6e3bceca2045e737d952d869fb04558805
MD5 hash: e2393c567d5c53059744d6560d406cb0
humanhash: river-indigo-ink-hydrogen
File name:SWIT BANK PAPER PAYMENT OF 84,867.06 USD.r00
Download: download sample
Signature AgentTesla
Create hunting rule
File size:493'347 bytes
First seen:2020-06-08 19:13:06 UTC
Last seen:2020-06-08 20:02:32 UTC
File type: r00
MIME type:application/x-rar
ssdeep 12288:pXuKWYzGNa/n7R3en2wIcrj9g8i8+MKDCw/Ap:pXu4zlnt3enccS8ifmoQ
TLSH 87A4231F021BE520FD35A6F2FA48341435D81E25A3966498FAD79B34B24F0EC4B7D11B
Reporter abuse_ch
Tags:AgentTesla r00


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: azadea.com
Sending IP: 45.137.22.41
From: Mohammed Aly <mohammed.aly@azadea.com>
Subject: EMAILMING BANK PAPER PAYMENT OF USD 848867,06
Attachment: SWIT BANK PAPER PAYMENT OF 84,867.06 USD.r00 (contains "SWIT BANK PAPER PAYMENT OF 84,867.06 USD.exe")

AgentTesla SMTP exfil server:
mail.dadabhoy.edu.pk:587

Intelligence

File Origin
# of uploads :
2
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Rogue.0hr.20200609-0823.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Backdoor.NanoCore
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 18:14:36 UTC
File Type:
Binary (Archive)
Extracted files:
1
AV detection:
14 of 26 (53.85%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ae7uvgl3azfwfl53wmnnlxaa2d5smzjjcdbggrojmxslqehiazxa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r00 013f4a997b064b62afbbb31ad5dc00d0fb26652910c26345c965e4b810e8066e

(this sample)

AgentTesla

Executable exe db64794e19af6a65cd4c844314fa94fffef9e8ad84c36876cb78f2769c3e422e

  
Dropping
MD5 a1a9131f46529f2526aeff3a705d1d73
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 db64794e19af6a65cd4c844314fa94fffef9e8ad84c36876cb78f2769c3e422e

Comments