MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1924c60a106e580bef7aac9d6c732a14675d2d70a7cd6ed81e4db38c8e463b8a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1924c60a106e580bef7aac9d6c732a14675d2d70a7cd6ed81e4db38c8e463b8a
SHA3-384 hash: 8f73ba8b42665a24b31ac91f97b5fef7e8db5cd267b64f55a634cc932525a32567d5a4c4506dc25f561894beba0be0e5
SHA1 hash: 41839ebd9ec08df768a2ba170c301ed2a076ac36
MD5 hash: 5c09c3a5d2b7a02ebcbb8d684fcac42d
humanhash: tennis-maryland-robin-beryllium
File name:Order Specifications.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:603'112 bytes
First seen:2020-07-09 06:29:04 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:ufXwspUKIVDxegElu94Tey3RJ7qUk+qpHxu8GRS/:u4s6x/EluKTey3RJ7qUk+qO1RS/
TLSH 03D43378046F4788A3C02AE7DD8270A72F95FE36EC3291AE01457FB6D459F1A057A723
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: zimbra207.megavelocity.net
Sending IP: 192.206.6.182
From: info-IN <info@budget1.in>
Subject: Quote CIF Port of Antwerp-Belgium
Attachment: Order Specifications.rar (contains "Order Specifications.exe")

AgentTesla SMTP exfil server:
premium57.web-hosting.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1924c60a106e580bef7aac9d6c732a14675d2d70a7cd6ed81e4db38c8e463b8a/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-09 06:30:10 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=desmmcqqnzmax332vsowy4zkcrtv2llqu7gw5wa6jwzyzdsghofa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 1924c60a106e580bef7aac9d6c732a14675d2d70a7cd6ed81e4db38c8e463b8a

(this sample)

AgentTesla

Executable exe 3228552bf12eac0d0d241b72489b37b6f25e4f3fca6e7867a3dbc2b912f404fe

  
Dropping
MD5 5350d9dedce9039a41a8d5c1e9cb8f20
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3228552bf12eac0d0d241b72489b37b6f25e4f3fca6e7867a3dbc2b912f404fe

Comments