MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5bd9247fdfa3c40293c749d91a104dac88bbfdbfc435f90dbd0cee15b45fa280. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry
AgentTesla


Vendor detections: 4

SHA256 hash: 5bd9247fdfa3c40293c749d91a104dac88bbfdbfc435f90dbd0cee15b45fa280
SHA3-384 hash: d8d642ade910284c656c148ba939049d54c968f679074c1ce0e74d00967551fb1f4299771ba595b2a5d8f355415e7a99
SHA1 hash: 039f09ff18226ddc570f8460a1e8a881a283fb6c
MD5 hash: a2078b4aa9d24b342d0c9200f1c7ba30
humanhash: india-dakota-lactose-march
File name: RTGSNEFT_ADVICE-PDF.7z
Signature: AgentTesla
File size: 274,609 bytes
First seen: 2020-08-05 11:55:13 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:/ztrAsss7hy4+uWYZuORBIyBOAa9aUPFJjjGxRVjWqgErEvL7EnOyicK:RAsss74K5RB9B7a9aUPFE4qzrcL7EOAK
TLSH: 6644234DF6AA9C3E07C759647C4FF9E825C5A3514AE380C3DA93743B79978C192F5820
Reporter: abuse_ch
Tags: 7z AgentTesla


abuse_ch
Malspam distributing AgentTesla:

HELO: vps.hnsolutions.in
Sending IP: 204.93.168.157
From: Account<online@swastikjewellers.com>
Subject: Re:Payment Advice
Attachment: RTGSNEFT_ADVICE-PDF.7z (contains "RTGSNEFT_ADVICE-PDF.exe")

AgentTesla FTP exfil server:
ftp.dveshop.ro:21

Intelligence


File Origin
Uploads: 1
Downloads: 61
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-08-05 11:57:04 UTC
AV detection: 15 of 48 (31.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam > AgentTesla > zip 5bd9247fdfa3c40293c749d91a104dac88bbfdbfc435f90dbd0cee15b45fa280 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
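
The delivery pattern this entry records (an e-mail attachment archive whose member is an executable named to look like a PDF payment advice, RTGSNEFT_ADVICE-PDF.exe inside RTGSNEFT_ADVICE-PDF.7z) is the kind of thing a mail-gateway or SOC triage script can flag before anyone opens it. The script below is an added example, not code from MalwareBazaar or from the reporter. It builds a constructed archive in memory (the payload is a stand-in starting with an MZ header, not the real sample, so its hashes will not match the IOCs on this entry), flags members that are executables carrying document-style tokens in their name, and computes the MD5, SHA1 and SHA256 that MalwareBazaar lists so a real attachment can be looked up by hash. The container is parsed with zipfile because the entry records the MIME type as application/zip despite the .7z file name; a genuine 7z container would need py7zr instead. KNOWN_BAD_SHA256 is seeded with this entry's SHA256; the extension set and the token list are assumptions chosen for illustration.

```python
"""Triage an e-mail attachment archive for the lure pattern on this
MalwareBazaar entry: an archive member that is an executable named to look
like a PDF advice. Added example, not MalwareBazaar or reporter code.
The archive built by build_sample() is CONSTRUCTED in memory; its hashes do
not match the real sample's IOCs."""
import hashlib
import io
import re
import zipfile

# Assumed extension set and document-style name tokens (illustrative, not
# taken from the entry).
EXECUTABLE_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1"}
DOC_TOKEN = re.compile(r"(pdf|doc|xls|invoice|advice|payment|receipt)", re.IGNORECASE)

# SHA256 of the container recorded on this MalwareBazaar entry.
KNOWN_BAD_SHA256 = {"5bd9247fdfa3c40293c749d91a104dac88bbfdbfc435f90dbd0cee15b45fa280"}


def file_hashes(data: bytes) -> dict:
    """MD5 / SHA1 / SHA256 of the container, the forms MalwareBazaar lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def suspicious_members(archive: bytes) -> list:
    """Return archive members that are executables (by extension or by an MZ
    header, so a renamed .exe is still caught) whose name carries a
    document-style token: the double-extension lure."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            stem, ext = (name.rsplit(".", 1) + [""])[:2] if "." in name else (name, "")
            ext = ("." + ext.lower()) if ext else ""
            with zf.open(info) as member:
                head = member.read(2)          # only the first two bytes are needed
            is_exe = ext in EXECUTABLE_EXT or head == b"MZ"
            if is_exe and DOC_TOKEN.search(stem):
                findings.append({
                    "member": name,
                    "ext": ext,
                    "mz_header": head == b"MZ",
                    "size": info.file_size,
                })
    return findings


def triage(archive: bytes) -> dict:
    """Hash the container, check it against known IOCs, inspect its members."""
    hashes = file_hashes(archive)
    return {
        "hashes": hashes,
        "known_ioc_match": hashes["sha256"] in KNOWN_BAD_SHA256,
        "suspicious_members": suspicious_members(archive),
    }


def build_sample() -> bytes:
    """Constructed stand-in for the attachment: same member name as the real
    lure, but the body is a dummy MZ-prefixed blob, not the AgentTesla payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("RTGSNEFT_ADVICE-PDF.exe",
                    b"MZ" + b"\x00" * 62 + b"constructed stand-in, not the real payload")
        zf.writestr("readme.txt", b"benign text member, should not be flagged")
    return buf.getvalue()


if __name__ == "__main__":
    result = triage(build_sample())
    for member in result["suspicious_members"]:
        print("SUSPICIOUS:", member)
    print("container sha256:", result["hashes"]["sha256"],
          "known IOC:", result["known_ioc_match"])
```

On a real attachment, read the file bytes and pass them to triage(); a known_ioc_match of True means the container hash is already on this entry, while a non-empty suspicious_members list catches the lure shape even when the archive has been repacked and its hash no longer matches.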

Comments