MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 48fa920b95c78f7e5d703381109191ba1aa2b552980e0d995e9aae58d8742255. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 48fa920b95c78f7e5d703381109191ba1aa2b552980e0d995e9aae58d8742255
SHA3-384 hash: 49a222be8b3bac596e7db3b3d68499db4f8d80b63acc15bab520895b6c7d4726cd65a3e02cceb9175eeef91531ebe245
SHA1 hash: fdab841edecab75675e45e4b5161caf0213510cd
MD5 hash: ca145d63e92f31fcdb37f3643672aff5
humanhash: mexico-double-high-utah
File name:43949785_98147_SOA.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:319'809 bytes
First seen:2020-07-13 06:23:32 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:OyZiBmYw0ao6Te7tsRAJ3DPZCE3IjRv6dgCzH4r284riQBkpnb+n:Xo8Yw3/Ct7JMPvOzYrTGIb+n
TLSH 066423587F8EF0A38300BDBF6DD5F2C07594B23A55B596B9810E358A88C9241BCEB197
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: damacproperties.com
Sending IP: 95.211.208.25
From: Damac lee<atyourservice@damacproperties.com>
Subject: DAMAC – Payment Notification
Attachment: 43949785_98147_SOA.rar (contains "43949785_98147_SOA.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/48fa920b95c78f7e5d703381109191ba1aa2b552980e0d995e9aae58d8742255/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-13 06:25:06 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jd5jec4vy6hx4xlqgoarbemrxinkfnkstaha3gk6tkxfrwduejkq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 48fa920b95c78f7e5d703381109191ba1aa2b552980e0d995e9aae58d8742255

(this sample)

AgentTesla

Executable exe 5d567a17efdfd5b798013424d36c0e2d32a20ba610dcaa0011d7aad2eaa6b4e8

  
Dropping
MD5 fbf4769b141697d86de6b96bebd8cb86
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5d567a17efdfd5b798013424d36c0e2d32a20ba610dcaa0011d7aad2eaa6b4e8

Comments