MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4a8719f2815ee448425795ec6b02edfb1e9d0c19918962892a62cee8df730f67. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4a8719f2815ee448425795ec6b02edfb1e9d0c19918962892a62cee8df730f67
SHA3-384 hash: e8b91939d8b661c1e7ce91803b6149b7ea791e2f2ac9ceb4cb6f632913a0a3bc24e592ea9813e9f11f4c1397ea8e937a
SHA1 hash: f49eaf76bf1981b1095d56e7744bb088d164ddd1
MD5 hash: 44acd4ac0ff52b0e01b0e662f3cda1b9
humanhash: golf-beer-ink-oxygen
File name:PDF_437953793264.IMG
Download: download sample
Signature AgentTesla
Create hunting rule
File size:2'031'616 bytes
First seen:2020-05-22 13:37:13 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 24576:1tb20pkaCqT5TBWgNQ7aCtviVjcvQsY0nbLX5zoN01iRERxqesTB+c6A:mVg5tQ7aCNiVjcvdLN0Ni+N5
TLSH D595CE1363DD8260C37E51737A167701AE7B782536A1FCFB2FD8093CA9201215E5A66F
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.strongmailvault.com
Sending IP: 111.90.144.214
From: office@jinpao.us
Subject: Order14697
Attachment: PDF_437953793264.IMG (contains "favohhed.exe")

AgentTesla SMTP exfil server:
smtp.cnlcherm.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 14:35:55 UTC
File Type:
Binary (Archive)
Extracted files:
12
AV detection:
16 of 31 (51.61%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 4a8719f2815ee448425795ec6b02edfb1e9d0c19918962892a62cee8df730f67

(this sample)

AgentTesla

Executable exe 1fdeff12a76654fa755bc975b5727280884ee49ce3881411b1769bbdc75688cf

  
Dropping
MD5 c43a2b75c6f346bb5c10de52dc0f5f57
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1fdeff12a76654fa755bc975b5727280884ee49ce3881411b1769bbdc75688cf

Comments