MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2576c00cd86b614d8d9cd2f4572e4e6e1e593244a7a68ab41bb949b9f26f7149. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2576c00cd86b614d8d9cd2f4572e4e6e1e593244a7a68ab41bb949b9f26f7149
SHA3-384 hash: 69e59bf692671fdedba7b5405667acee0ec18f3f9a6b435bb57d594073a57f866d1e7ae14c69444035009107cdf35f5c
SHA1 hash: 83bc3472731c0accd3e83b34156347a2ee3a6716
MD5 hash: aad591486be55b08789c00e52c7f0de5
humanhash: ack-jupiter-autumn-winter
File name:PAYMENT ADVISE.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:232'635 bytes
First seen:2020-11-07 10:21:49 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:Lvt6j3z2Yc7X2ZdmZvbxS3Jr3WgBadzVDzvXLx3n74GPPj3:Lvt6j2D2ZdmZvbxUJTXQNVDr7xLJPr3
TLSH 113423094C1E7DF2B25E86558AEE2671B709DC4F5EB977E2A909E007081F7477E9C380
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: success.herosite.pro
Sending IP: 23.111.148.162
From: accounts1 <accounts1@zaleship.com>
Subject: RE: PAYMENT ADVISE
Attachment: PAYMENT ADVISE.rar (contains "PAYMENT ADVISE.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2576c00cd86b614d8d9cd2f4572e4e6e1e593244a7a68ab41bb949b9f26f7149/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-11-06 23:23:14 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ev3madgynnqu3dm42l2folsonypfsmseu6tivna3xfe3t4tpofeq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 2576c00cd86b614d8d9cd2f4572e4e6e1e593244a7a68ab41bb949b9f26f7149

(this sample)

AgentTesla

Executable exe 16f1bf8a4f24dc03e6ca823c6e6c2e53ec5b26cf1cdaa773fd04e827fb0cc8ea

  
Dropping
MD5 4d9d154d48d471f6e5af57a9c92f5ae0
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 16f1bf8a4f24dc03e6ca823c6e6c2e53ec5b26cf1cdaa773fd04e827fb0cc8ea

Comments