MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5f6b18fbec2d50d5e24113ba977bc83f70c0c9e2c0f37caa346ea5a4d6f9963a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: 5f6b18fbec2d50d5e24113ba977bc83f70c0c9e2c0f37caa346ea5a4d6f9963a
SHA3-384 hash: f90456e188e03be785febeefeb58fc596e1e5f8a1c30dacc4a40f301ee66a46f7c36ed84babae224bac563cbde4505d4
SHA1 hash: 4732b105db9a163116b72b61a2d2507dfeeab173
MD5 hash: 0b5590d3d7607d88b81a6fc885fbc7de
humanhash: moon-bakerloo-low-table
File name: ScanDocuments202011PDF.7z
Signature: AgentTesla
File size: 491'640 bytes
First seen: 2020-11-07 10:28:10 UTC
Last seen: 2020-11-09 05:41:55 UTC
File type: 7z
MIME type: application/x-rar
ssdeep: 12288:8FKQkf782I3kFD2966LGyoltPRkm2A7zLB/5r+Ti4:8Yf83k01GVJkrA7PBha5
TLSH: F6A42393AAF7E8DDCB823A933340160B9AC8FBFB597A25353AD5C03823944155E40F5C
Reporter: abuse_ch
Tags: 7z AgentTesla


abuse_ch
Malspam distributing AgentTesla:

HELO: ar-digit.net
Sending IP: 45.137.22.74
From: info@ar-digit.net
Subject: STILL WAITING URGENTLY
Attachment: ScanDocuments202011PDF.7z (contains "ScanDocuments202011PDF.exe")

AgentTesla SMTP exfil server:
bh-58.webhostbox.net:587

Intelligence


File Origin
# of uploads: 2
# of downloads: 89
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: MALICIOUS
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: ByteCode-MSIL.Ransomware.TeslaCrypt
Status: Malicious
First seen: 2020-11-06 18:25:07 UTC
AV detection: 16 of 29 (55.17%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z 5f6b18fbec2d50d5e24113ba977bc83f70c0c9e2c0f37caa346ea5a4d6f9963a (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments