MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 25930169faa350b9836332d465571ac350970b4a3fa17a95d6dfe31e797c5d71. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 25930169faa350b9836332d465571ac350970b4a3fa17a95d6dfe31e797c5d71
SHA3-384 hash: 817209dee73f3f8a7aed25509d980755ef7283422647dc60bf3807209c6d490f9b15fe496f7f8ed2fbed81ab33735a15
SHA1 hash: 4e29f466f8495b7f9b38d4117cd96f2b159c8dc8
MD5 hash: cb24a2db014652e365f85a294dcc42f2
humanhash: jupiter-victor-winter-texas
File name:CoVid19_BAH.PDF.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:364'339 bytes
First seen:2020-03-30 11:00:46 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:BFl8fiWK7fyC78vHl7vSXPdyPC3EMy0/C/ULdiDot1fz8i6zaT7ASCX6e67pQQX9:KfEr8pUPKSEMj/C/URimz6zSAREru2
TLSH 187423F9DB48930CFEE7EB8173CC6336F2A8076996B640238D05D521D5BA64E8C0B247
Reporter abuse_ch
Tags:AgentTesla COVID-19 rar


Avatar
abuse_ch
COVID-19 themed malspam distributing AgenTesla:

HELO: slot0.taweelholdlngs.com
Sending IP: 104.168.149.238
From: "Rico Tam" <info@taweelholdlngs.com>
Subject: We can sell surgical masks, a thermopile IR sensors to help you fight the COVID-19
Attachment: CoVid19_BAH.PDF.rar (contains "CoVid19_BAH.PDF.exe")

AgentTesla SMTP exfil server:
mail.cargoair.bg:857 (91.230.195.25)

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Autorun
Create hunting rule
Status:
Malicious
First seen:
2020-03-30 11:35:46 UTC
AV detection:
19 of 31 (61.29%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ewjqc2p2unilta3dglkgkvy2ynijoc2kh6qxvfow37rr46l4lvyq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 25930169faa350b9836332d465571ac350970b4a3fa17a95d6dfe31e797c5d71

(this sample)

AgentTesla

Executable exe 087697d241c62f0668f25caa7c739611b4ab1ff5ff7fba466757e67aa5e3a608

  
Dropping
AgentTesla
  
Dropping
MD5 b7b3ff3f7e197049db7c20001f0ea2e4
  
Dropping
SHA256 087697d241c62f0668f25caa7c739611b4ab1ff5ff7fba466757e67aa5e3a608
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 087697d241c62f0668f25caa7c739611b4ab1ff5ff7fba466757e67aa5e3a608

Comments