MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4a699ee3382696d02e1914901f4de1c6a46d06e1bd1e76263fcd2d0505ff2d1d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4a699ee3382696d02e1914901f4de1c6a46d06e1bd1e76263fcd2d0505ff2d1d
SHA3-384 hash: cc71c0043a38f7c9023581a091001fea0235f0c657b20cbc923f58cf5448739c28f373d6a55e1c9a3717b22c75f4a5d8
SHA1 hash: 7d0a52fab7495cad4f07d095dea01e3e4f81beb6
MD5 hash: 90d6b947d7d6b239a7400d68cb14a198
humanhash: apart-single-texas-bacon
File name:Detalles del banco Pdf.arj
Download: download sample
Signature AgentTesla
Create hunting rule
File size:518'417 bytes
First seen:2020-06-08 19:07:33 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 12288:sUn/55H9iaitA3tBlCs3kccABWI0epRk4+pbMf:5TvTtBg8SAMI0LpbMf
TLSH 7EB423A7B42DF543E29B173C264FE599945416B4142328F9143EE0ACFBF23B152BAF48
Reporter abuse_ch
Tags:AgentTesla arj


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.eldorado.com.uy
Sending IP: 190.64.204.54
From: Cindy Lucas <clucas@eldorado.com.uy>
Subject: Detalles del banco
Attachment: Detalles del banco Pdf.arj (contains "Detalles del banco Pdf.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Backdoor.NanoCore
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 19:09:04 UTC
AV detection:
17 of 29 (58.62%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jjuz5yzye2lnalqzcsib6tpby2sg2bxbxuphmjr7zuwqkbp7fuoq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

arj 4a699ee3382696d02e1914901f4de1c6a46d06e1bd1e76263fcd2d0505ff2d1d

(this sample)

AgentTesla

Executable exe 74fb0be9b7d5f5e5a39ddf596dfb3357deb458b7b4340be8f0ce8c4ae819f3de

  
Dropping
MD5 d367775b90921b2d36296036bac6a255
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 74fb0be9b7d5f5e5a39ddf596dfb3357deb458b7b4340be8f0ce8c4ae819f3de

Comments