MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 246f1797d4b6beacf56f75fad1d2f04586b32bb92e069c57a3f89fe0925d7fd8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 246f1797d4b6beacf56f75fad1d2f04586b32bb92e069c57a3f89fe0925d7fd8
SHA3-384 hash: b03d383bad9b18f45552fafb1a23fe71c3c9ea8b0d9af3fff11d39fa33208e2759d0a062e1cbf18832fd03119098e361
SHA1 hash: c24e42ba8a57332275de71173ec4b37acaf5ceee
MD5 hash: ad08da9c7fa9b26ef741c19762b752b8
humanhash: robin-oklahoma-fillet-four
File name: SOA.rar
Signature: AgentTesla
File size: 399'064 bytes
First seen: 2020-06-26 07:47:41 UTC
Last seen: 2020-06-26 17:59:29 UTC
File type: rar
MIME type: application/x-rar
ssdeep: 12288:lQxnhdu2RwAV7GpSMp7woigh2DngAjYKdLOGxFDyURQUG:lmdRpgSMund6SFrQUG
TLSH: A68423D1B89BE70100404464BE40573B8E57A8E69349BA90790BF5BD36F8E0BEF66627
Reporter: abuse_ch
Tags: AgentTesla rar


abuse_ch
Malspam distributing AgentTesla:

HELO: btlglobal.co.kr
Sending IP: 103.99.1.170
From: ACCOUNT<account@btlglobal.co.kr>
Subject: (URGENT!) UPDATED SOA
Attachment: SOA.rar (contains "SOA.exe")

AgentTesla SMTP exfil server:
mail.sunflower-tech.com:587

Intelligence


File Origin
# of uploads: 3
# of downloads: 71
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Dynamer
Status: Malicious
First seen: 2020-06-26 07:49:05 UTC
AV detection: 18 of 31 (58.06%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 246f1797d4b6beacf56f75fad1d2f04586b32bb92e069c57a3f89fe0925d7fd8

(this sample)

  
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
