MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1c10b3559cc23809ecf2793ac034e47c17590a3a7c8e95282e576f2ea28d627b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 2



SHA256 hash: 1c10b3559cc23809ecf2793ac034e47c17590a3a7c8e95282e576f2ea28d627b
SHA3-384 hash: ad625731aa59996fa40aa5d1612fbe7e1566eade5143c70ea619f81d5d015e97b6359522e052b107ea75358fca044811
SHA1 hash: fef9195a3276094c17e2448e4b784a051f2c7c27
MD5 hash: 30ebc4b704591cc0723d4d2db959660b
humanhash: maryland-delaware-delaware-autumn
File name: Banco MT103 account Review ref3221 doc.rar
Signature: AgentTesla
File size: 251'332 bytes
First seen: 2020-06-25 07:58:16 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:/xH4kC2+wGv0dwmzT+1hUH2t5I2ysa9vQj3lyS0:pH/C2+/v0Cmzq1hUH2ty2ysa9oj3lyB
TLSH: F0341339FE92F8899759ACA130C72C7A754D6F960C2464CBF679396832CD826790D0F8
Reporter: abuse_ch
Tags: AgentTesla rar Santander


abuse_ch
Malspam distributing AgentTesla:

HELO: mail.opthok-navi.com
Sending IP: 153.126.141.228
From: Santander S.A <sawire@santanderbank.com>
Reply-To: uyenleitenson@gmail.com
Subject: Wire Error Review_MT103
Attachment: Banco MT103 account Review ref3221 doc.rar (contains "Banco MT103 account Review ref3221 doc.exe")

AgentTesla FTP exfil server:
ftp.sman22sby.sch.id:21

Intelligence


File Origin
# of uploads: 1
# of downloads: 76
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 1c10b3559cc23809ecf2793ac034e47c17590a3a7c8e95282e576f2ea28d627b (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
