MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 217275363ac21c38a224ca72a2d7c14e8bbf9c17910b8bb745019b73783fd841. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 217275363ac21c38a224ca72a2d7c14e8bbf9c17910b8bb745019b73783fd841
SHA3-384 hash: 0a6ce151290154966d5e02e040995084f2679ac0ca0a85c8f53918cc85fd1b3c21b24ff0ffcd7b4465e670f53a2b2602
SHA1 hash: f4cf9351041390a4c49952ef6258de5355d46e48
MD5 hash: 5a4256d0ef4c1a6670e76ca3b077c81f
humanhash: social-shade-bluebird-king
File name:Kimenő számlák.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:425'888 bytes
First seen:2020-07-06 15:06:06 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:N8ML8kl22hxgnzBppv5ZwRvvACn259fCqFDE8VvxRbu8s0Msy2W:CML8j6U97R+RvUc8Vv3bp9MsO
TLSH 3B942372F51D6ABFF45C72934EA00AD7D9829521B3C879080C468BE0ABD3BD10D99D7E
Reporter abuse_ch
Tags:AgentTesla geo HUN rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: chla185.avzservicios.es
Sending IP: 185.176.10.68
From: e-szamlazas@fizetesipont.hu
Subject: Kimenő számlák (F-K99134/20) Értesítő
Attachment: Kimenő számlák.rar (contains "hjhh.exe")

AgentTesla SMTP exfil server:
mail.materialsmiquel.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/217275363ac21c38a224ca72a2d7c14e8bbf9c17910b8bb745019b73783fd841/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-07-06 15:08:05 UTC
AV detection:
17 of 29 (58.62%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=efzhknr2yiodrirezjzkfv6bj2f37haxsefyxn2fagnxg6b73baq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 217275363ac21c38a224ca72a2d7c14e8bbf9c17910b8bb745019b73783fd841

(this sample)

AgentTesla

Executable exe dfc4910e2cbf6064263b576560e72e29eb6f758f475d5176c88c7e8f98e00004

  
Dropping
MD5 4fdacdc49fc5cfd3fba300d2a0e88144
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 dfc4910e2cbf6064263b576560e72e29eb6f758f475d5176c88c7e8f98e00004

Comments