MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5275e976ca25984cb239d81bca67ce948d190800ebd41bea807e855ddc4332da. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5275e976ca25984cb239d81bca67ce948d190800ebd41bea807e855ddc4332da
SHA3-384 hash: 6b7ccb3a8c87a057df8e9ea026402391b9243850f5f9cb937d5caaf2383f66c5a246155386e94b66b02f648fcac75326
SHA1 hash: 72deeb69f1465661cb0e71c21e0c8843f0f99827
MD5 hash: b4326d3cb78da98d36b18710a9fa2058
humanhash: march-salami-gee-fruit
File name:Scan001pdf.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:381'484 bytes
First seen:2020-06-08 04:53:56 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:buKis4J45d0tNoeF9Dsyb1v/rMIZRRlvl3Yf5FcucinVhyzC5uhDusZP3ZOInuYm:buJs4J4d0voa9DsyhHrBZRRlvlohFcul
TLSH F48423E4C70EB8BD36FCB850CAE0D542A7FD14B1AA508711460EC6566CC9AF9BE9C613
Reporter abuse_ch
Tags:AgentTesla rar Yahoo


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: sonic315-21.consmr.mail.ne1.yahoo.com
Sending IP: 66.163.190.147
From: marketing <enesmacit@yahoo.com>
Reply-To: marketing <enesmacit@yahoo.com>
Subject: Fw: Scan Payment Copy
Attachment: Scan001pdf.rar (contains "Scan001#pdf.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.DrodZp-A.4064.16491.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 04:55:04 UTC
AV detection:
9 of 48 (18.75%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=kj26s5wkewmezmrz3an4uz6ossgrscaa5pkbx2uap2cv3xcdglna._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 5275e976ca25984cb239d81bca67ce948d190800ebd41bea807e855ddc4332da

(this sample)

AgentTesla

Executable exe 2e8f8383cfdb7a42c9e5ced3469619f6154b874616a2dd793693f3b53ec5cae7

  
Dropping
MD5 59ff91784a9a19e7f3c60f2d4a950372
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2e8f8383cfdb7a42c9e5ced3469619f6154b874616a2dd793693f3b53ec5cae7

Comments