MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 54fccbf692d31875af4fddcdc281ec71a9a52994df4ba1b247a5b74638222458. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 54fccbf692d31875af4fddcdc281ec71a9a52994df4ba1b247a5b74638222458
SHA3-384 hash: f01c74a6ebe069ee34ccb53c99cd50a3a51e9902752435613bbea986c8f79b0ea88a591bb3363f4fee21abc372fd264b
SHA1 hash: 6a11cff80a1251731511f61004bf3518b9f0e304
MD5 hash: 157e023bfd644da9075174332e0173d5
humanhash: river-cup-early-lake
File name:COPIA SWIFT.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:396'466 bytes
First seen:2020-06-26 17:41:48 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:OlO4dOv1QSyexgoMzI/iz8WJBUgAkPbS71Ju:mtOv2SyexgjX8S9t
TLSH 8B8423C5BB37E7F339A1C61656469E0BDCCBA1054EB8572F35F385D83A8822006773A6
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: vxadm-11.srv.cat
Sending IP: 46.16.58.130
From: Carlos Pinzás Espinoza <pe.carlos@absisa.com>
Subject: PAGO PENDIENTE
Attachment: COPIA SWIFT.rar (contains "COPIA SWIFT.exe")

AgentTesla SMTP exfil server:
mail.gascuenca.es:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/54fccbf692d31875af4fddcdc281ec71a9a52994df4ba1b247a5b74638222458/
Threat name:
Win32.Trojan.FormBook
Create hunting rule
Status:
Malicious
First seen:
2020-06-26 17:43:04 UTC
AV detection:
20 of 31 (64.52%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kt6mx5us2mmhll2p3xg4fapmogu2kkmu35f2dmshuw3umobcerma._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 54fccbf692d31875af4fddcdc281ec71a9a52994df4ba1b247a5b74638222458

(this sample)

AgentTesla

Executable exe 539f5ea13722aaf468e1e7f53b1310a8db1579fb515f197f39e87275d557e4de

  
Dropping
MD5 6f72fa8547bffa8570bdd1a8143c164f
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 539f5ea13722aaf468e1e7f53b1310a8db1579fb515f197f39e87275d557e4de

Comments