MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 42700f26f2df6535bf4626bb9970baf7c75dabddf6ef64afdef7d47ea13eb0fb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 42700f26f2df6535bf4626bb9970baf7c75dabddf6ef64afdef7d47ea13eb0fb
SHA3-384 hash: 37a9a17ee5ae54969ba3a214658ff1b16ced48c5232c750f857061357ce3d5fe51301fc9b0bba257af089d021bdb2fa7
SHA1 hash: 8783b707242312c67b7e5a70f2c17a627477815c
MD5 hash: 59c725a67f72b18d9092be8408344f44
humanhash: iowa-saturn-emma-grey
File name:PI for PO PRO544232.pdf.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:461'096 bytes
First seen:2020-05-12 09:06:19 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 6144:Roi+fjU3YLIdOgz9wHzVqpx1hZXlWmy711e4yK5RaAGT2pWE4tP15hhgGUiTqpyw:R2bUjfR7Z1g7za/2EEWFjbb4YKbh
TLSH C1A4231EBCD15D416B0C8E8DA3C084A650834E8DCBC2ADDEB4E47D59705EED372196E3
Reporter abuse_ch
Tags:AgentTesla z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: ishineink.com
Sending IP: 156.96.45.195
From: Manager Imports<Muhammad@ishineink.com>
Reply-To: Recipients <dinsmore@elwood.com>
Subject: New Order PI for PO#PRO544232.
Attachment: PI for PO PRO544232.pdf.z (contains "PI for PO# PRO544232.pdf.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27363.Rar5Heur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Loki
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 02:56:20 UTC
File Type:
Binary (Archive)
Extracted files:
264
AV detection:
18 of 31 (58.06%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ijya6jxs35stlp2ge25zs4f267dv3k6563xwjl6667kh5ij6wd5q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z 42700f26f2df6535bf4626bb9970baf7c75dabddf6ef64afdef7d47ea13eb0fb

(this sample)

AgentTesla

Executable exe 25d747802b9ce8ff29860bc3fd6c9822b18108b8b0b1f0b781924203f4ff48f3

  
Dropping
MD5 610d8161c18e2c933ec1a0a320aedcce
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 25d747802b9ce8ff29860bc3fd6c9822b18108b8b0b1f0b781924203f4ff48f3

Comments