MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5d6cd1a2facd390e27f84a57a523cea32bd67d63a565143830c68c5d5f09f6aa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 5d6cd1a2facd390e27f84a57a523cea32bd67d63a565143830c68c5d5f09f6aa
SHA3-384 hash: ba48196203be470369c43689f5b35d46277e48abbdff97a1c3931103f527df29346d8c1616b8ee46e58ff028a25d9046
SHA1 hash: ab16d6feb25b41b2844ede02e03a7af658e6a4df
MD5 hash: 8e8873802dd3fa17cd2cafafa8cbdce2
humanhash: fanta-cold-avocado-crazy
File name: DRAFT HBL LGB07200191_pdf.rar
Signature: AgentTesla
File size: 533'207 bytes
First seen: 2020-08-13 05:57:12 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:kJ7+GFhqkM4R6HPojytb/AoiV2BNxWSPiv8BIXJZbXmjnsqx:kJ7+GfbMzQjyfPhBIZtTA
TLSH: DCB423C5BFD0A48435261214166F4FFEA0628287E92F65B1A393D8ED8FB817D35C6C78
Reporter: abuse_ch
Tags: AgentTesla rar


abuse_ch
Malspam distributing AgentTesla:

HELO: naver.com
Sending IP: 176.123.10.138
From: jandi.shinesslgroup@naver.com
Subject: DRAFT HBL#LGB07200191 // BKG SGNAD6539700 ETA 25 Aug
Attachment: DRAFT HBL LGB07200191_pdf.rar (contains "DRAFT HBL LGB07200191_pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Spyware.Datacollectora
Status: Malicious
First seen: 2020-08-13 05:59:04 UTC
AV detection: 16 of 29 (55.17%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 5d6cd1a2facd390e27f84a57a523cea32bd67d63a565143830c68c5d5f09f6aa (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
