MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5d922c51875ec1d2b8886d59e9987b6d08a44b64a42d4ae3a1710a25c564be18. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5d922c51875ec1d2b8886d59e9987b6d08a44b64a42d4ae3a1710a25c564be18
SHA3-384 hash: 11b81be4cd27564628424648fd43e97952f603ba92e96a77e18cf94ce5f7823b2efd408537ae6e01385cabc7044a95d7
SHA1 hash: cf9a0e7140bc6dfd5a01e6bf423e8d5bf4bec817
MD5 hash: 6ef151340557ba50de9dc2dff79d7dab
humanhash: leopard-india-oklahoma-wisconsin
File name:Over.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:379'822 bytes
First seen:2020-07-10 16:40:19 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:n1dyJ4Kl/TrP7152T8GchQqNq3WwOufZX2gDsSj6ekhnSKS8xtIqNbjWBA809AsT:n1YJBl/3R51GrqNoPUebSIqU28093eIF
TLSH 1984234FC2F3A5A92DCDA03FDD30C652A2C9D538856B5A11DBB10D37478716B2604BEA
Reporter abuse_ch
Tags:AgentTesla DHL Endurance rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: 142-4-22-49.unifiedlayer.com
Sending IP: 142.4.22.49
From: DHL Express ™ <support@dhl.com>
Reply-To: oscar.martinez.carnca@gmail.com
Subject: DHL-Overdue Outstanding On- Final Reminder.
Attachment: Over.rar (contains "Over.exe")

AgentTesla SMTP exfil server:
mail.mexicanproduct.com.mx:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5d922c51875ec1d2b8886d59e9987b6d08a44b64a42d4ae3a1710a25c564be18/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-10 16:42:06 UTC
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=lwjcyumhl3a5foeinvm6tgd3nuekis3euqwuvy5boefclrlexyma._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 5d922c51875ec1d2b8886d59e9987b6d08a44b64a42d4ae3a1710a25c564be18

(this sample)

AgentTesla

Executable exe 8e7298a389df54f92bf0c976fc29c451b43e1862cc4794c1f2e95e1d7cdb92a2

  
Dropping
MD5 13ab67e8f8926a8a3b22e6d94227523a
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8e7298a389df54f92bf0c976fc29c451b43e1862cc4794c1f2e95e1d7cdb92a2

Comments