MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 541fe43aa60fc2cbc513b763a1d703d2429e08d41c30537473ad10fb6a370d40. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 541fe43aa60fc2cbc513b763a1d703d2429e08d41c30537473ad10fb6a370d40
SHA3-384 hash: b6d5df67ce4c0e04487986f22cfc8636b6ec210070172ce72c3e7f2cb555ca4304a425ef927ca3bea12b3ff316dbd67b
SHA1 hash: 58a4db73cd77db50dbba04e3daf44539d57c87b6
MD5 hash: 1de2bc94200526befbb4d2c25ddae1f6
humanhash: double-orange-asparagus-charlie
File name:Swift docs.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:434'146 bytes
First seen:2020-06-02 12:58:25 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:DHXQMeB3YmRVEXHjeIKEzkH24umSbmGwog515LR:jXQMeWLiPMb5g35LR
TLSH D494237D24714B9C61B0EEAD52E838DDCAABF764219F07F8B9CCC377192C4262116E91
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: digamma.host-in-europe.com
Sending IP: 62.75.189.83
From: kudinova@otis.kz
Subject: RE: USD AMOUNT : 60000/= SWIFT MESSAGE - Remittance date 2ND JUNE 2020 -Swift enclosed for your Reference (Ref Q3 2019 Order)
Attachment: Swift docs.rar (contains "Swift docs.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 13:35:21 UTC
AV detection:
19 of 48 (39.58%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=kqp6iovgb7bmxritw5r2dvyd2jbj4cgudqyfg5dtvuipw2rxbvaa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 541fe43aa60fc2cbc513b763a1d703d2429e08d41c30537473ad10fb6a370d40

(this sample)

AgentTesla

Executable exe eceaeb5dd1fdf321efcf6c4e33706e025408deaa74ece9fb0e4e145901513cf2

  
Dropping
MD5 8d78fbd8ade0cc499b82c58538aab5ed
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 eceaeb5dd1fdf321efcf6c4e33706e025408deaa74ece9fb0e4e145901513cf2

Comments