MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 44f5e1c10d22bceb077a859ddba84de0b7068f1d8823b3682fc5ca94505999e7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 44f5e1c10d22bceb077a859ddba84de0b7068f1d8823b3682fc5ca94505999e7
SHA3-384 hash: e13ecd2ff62088c533b4faccae9d76e4801cf6c758ed185336b5329cdc0eb8ddeed7a7341f9e6ac476fc7db62586e8a8
SHA1 hash: e82bd024c1280114f0b92a7be1a1e91919a1397f
MD5 hash: 9426ddaf6737e69deaf34ff0ebcccbe4
humanhash: utah-robin-georgia-seventeen
File name:Order DFD333GHYT59359.10rar.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:681'404 bytes
First seen:2020-08-08 17:58:27 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:PyBWkmWT28MVT+8JxlAkW7wjYjvQwdaEWuPhiPgsTpYwzCnh2hG1Zebf:P8WuTyxlAkHAvQrEWuP8P/pYwzCnoYX4
TLSH 91E423D8E98EB391BAFD0F9A600B9B604B3583A603349F7FD6D246898F0501D49D752B
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: sv2.webaware.co.za
Sending IP: 129.232.157.135
From: Mr D Food Orders <orders@mrdfood.co.za>
Subject: Receipt for order accepted by McDonald's Order: #DFD33359359
Attachment: Order DFD333GHYT59359.10rar.rar (contains "Order # DFD333GHYT59359.exe")

AgentTesla SMTP exfil server:
mail.dbbrokers.co.za:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
101
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/44f5e1c10d22bceb077a859ddba84de0b7068f1d8823b3682fc5ca94505999e7/
Threat name:
Win32.Hacktool.Ymacco
Create hunting rule
Status:
Malicious
First seen:
2020-08-08 18:00:08 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  1/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=it26dqinek6owb32qwo5xkcn4c3qndy5rar3g2bpyxfjiuczthtq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/44f5e1c10d22bceb077a859ddba84de0b7068f1d8823b3682fc5ca94505999e7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 44f5e1c10d22bceb077a859ddba84de0b7068f1d8823b3682fc5ca94505999e7

(this sample)

AgentTesla

Executable exe 7c18807c7588ab38168e53f2b32aeb41c08af34c25c89250ef627a0c7e090393

  
Dropping
MD5 a24e23057b9c6851d64b0d88f625a502
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7c18807c7588ab38168e53f2b32aeb41c08af34c25c89250ef627a0c7e090393

Comments