MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0704ecdae1cb082ca9d8a9e0946850b24c9a99a0899297fdbe485b118e3bb352. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0704ecdae1cb082ca9d8a9e0946850b24c9a99a0899297fdbe485b118e3bb352
SHA3-384 hash: 0f80efdd2e55878fc385e7bf833d32fbb5cb57cbf25ffb9892808a7494932cf0ff6cffe54392f5bf3fa9ff45164b53e5
SHA1 hash: 13aaa5a5c08776193a6336f4eb5bf0165328ca27
MD5 hash: 5b0f1fd23071bfb88c0df5460cc54e0a
humanhash: eight-chicken-north-uranus
File name:PO-8372929.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'175'439 bytes
First seen:2020-05-02 09:57:45 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 24576:a0FEkSxuwFLLnfKvS4RMf1HmY7BEK4PKb1dViVQWn3I5jVbgDgb:nEkSxuwRDKa4Rk1Y5PO7CQWn4bbgDA
TLSH 464533EC2DF86B63C34D563B64198A3DAC3C513289CFA3041E5176B6BD12E4A3A6C578
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mx3.bangla.net
Sending IP: 203.188.252.14
From: Sales <br5818@bangla.net>
Subject: PO - RFQ # 8372929 NEW ORDER
Attachment: PO-8372929.rar (contains "PO-8372929.exe")

AgentTesla SMTP exfil server:
smtp.onlinexpertsales.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27572.Rar5Heur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-02 10:35:39 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
15 of 31 (48.39%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=a4cozwxbzmeczkoyvhqji2cqwjgjvgnargjjp7n6jbnrddr3wnja._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 0704ecdae1cb082ca9d8a9e0946850b24c9a99a0899297fdbe485b118e3bb352

(this sample)

AgentTesla

Executable exe c2d42ef1435490d3bd280f0e1aaa0b42fe1d417e5364a000531a930c841f22f9

  
Dropping
MD5 0b7d26586342b5eee2f7bd0e5d9c40fc
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c2d42ef1435490d3bd280f0e1aaa0b42fe1d417e5364a000531a930c841f22f9

Comments