MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 24c1aaf05d9c072a31960965cf14f2fd6532e03a81afd0dd600e29e0f9f4952f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 24c1aaf05d9c072a31960965cf14f2fd6532e03a81afd0dd600e29e0f9f4952f
SHA3-384 hash: 7448ca76d09562394926c7f320991699a723b2923da50c8bc39745adba3f3bef7bfddd2640730be802f72515f3544695
SHA1 hash: 0d65d69355d4db00f233445990882601be59df49
MD5 hash: 198ebb1f364369314f5bab25073625f3
humanhash: georgia-carbon-pennsylvania-bacon
File name:INV001.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:353'492 bytes
First seen:2020-05-20 07:15:02 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:mWcHRGlast7E0/nJI2Ms7rX6oFCdVTm5VYphvHvtQiuoCzx0PZHrpYM8kPWhT5uM:mDHclXt/n9XBF1VYphvV1uosGPt9VPW5
TLSH 8474233FD4A218E6892D807C823456CCD79F724593A7EFAC44A75DD4ECDE0694CBE490
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: blank.cafe24.com
Sending IP: 175.126.38.143
From: John Wallace <info@himeno.co.jp>
Reply-To: abs000010@outlook.com
Subject: New Order Request
Attachment: INV001.rar (contains "INV001.exe")

AgentTesla SMTP exfil server:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-05-20 07:36:32 UTC
File Type:
Binary (Archive)
Extracted files:
3
AV detection:
14 of 30 (46.67%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=eta2v4c5tqdsummwbfs46fhs7vstfyb2qgx5bxlabyu6b6pusuxq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 24c1aaf05d9c072a31960965cf14f2fd6532e03a81afd0dd600e29e0f9f4952f

(this sample)

AgentTesla

Executable exe d09cbb481136d7766db12c79dc6c82fee1eb89056d4e7b8bc989a7a5d38467af

  
Dropping
MD5 8653227bbe999935f8e9b088ceb39edc
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d09cbb481136d7766db12c79dc6c82fee1eb89056d4e7b8bc989a7a5d38467af

Comments