MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2d4c27fda6a38cde9ece347c26941c3efde0303ad95eecdfd907d37d693b7f2a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2d4c27fda6a38cde9ece347c26941c3efde0303ad95eecdfd907d37d693b7f2a
SHA3-384 hash: 8a289be653590f1ff68ae254d7686fcc002257b134499737c64d51f2d6ebb440aa208862df3c0a0f281a34916985f6fc
SHA1 hash: da80868d066f2b3bcc6c3c376a25248e777310c3
MD5 hash: 5622e1412b17a07c5457373f4cbdede6
humanhash: vermont-mexico-oklahoma-lemon
File name:Statement of Account for Payment.r11
Download: download sample
Signature AgentTesla
Create hunting rule
File size:409'604 bytes
First seen:2020-05-19 09:50:19 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:w0TG84Yt6opihBJtDWu4Lg+XN8VHkudKZlog1uAwriglSFncSjhQ6cWyLmPuNojB:wwNihBJggiDqEFnc+G6ck3KQ
TLSH 4494236A1A07B11AE39C1A77FF51F8BDB4BE68E05A03464D97449A185C7941036FF83C
Reporter abuse_ch
Tags:AgentTesla r11


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server40.a2zcreatorz.com
Sending IP: 72.18.130.169
From: Accountlandshipping@bk.ru <Accountlandshipping@bk.ru> <chun.winglandshipping@bk.ru>
Subject: RE: Request for Statement of Account as of 31-May-2020/// Payment
Attachment: Statement of Account for Payment.r11 (contains "Statement of Account for Payment.r11.exe")

AgentTesla SMTP exfil server:
smtp.desmaindian.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-19 10:35:41 UTC
File Type:
Binary (Archive)
Extracted files:
286
AV detection:
25 of 48 (52.08%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fvgcp7nguogn5hwogr6cnfa4h366amb23fpozx6za7jx22j3p4va._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 2d4c27fda6a38cde9ece347c26941c3efde0303ad95eecdfd907d37d693b7f2a

(this sample)

AgentTesla

Executable exe f4ee68967541641ce9b2ba8ba7f2741d9756cde1a4f32ba9495cf35ba06b7f01

  
Dropping
MD5 886ce808019b7266a4291750caf8879f
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f4ee68967541641ce9b2ba8ba7f2741d9756cde1a4f32ba9495cf35ba06b7f01

Comments