MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5fb1cf2672a5b756121adaf6a9e2f15d5221eacd06f6f35e8a6f4127f6df0e76. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5fb1cf2672a5b756121adaf6a9e2f15d5221eacd06f6f35e8a6f4127f6df0e76
SHA3-384 hash: 46ece0dd15698e8f19e9aa15a0ac5391745739acf135713367eeb0dc30a69cc1d020af697145960e7d6be76378cb4b63
SHA1 hash: 2360aabc3621a523ef0cc6826a6cbabf8af4c1b7
MD5 hash: de096c7b9691d3fd35f392fa1cfd6c26
humanhash: delaware-seventeen-arkansas-spring
File name:Purchase Order.xlsx 4.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:841'428 bytes
First seen:2020-08-08 08:20:44 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:qP2gr39kPZG77mbhDGl/B7VgjP8PAuaEJdFbnj2mox9BpmMknjAU:qOiuPZGAaZEUUEJdJSmox/sM23
TLSH C905331AD9A9E1D647AD33686ECB8250247A89E9347AC3866401E7488F4FD7FCB81335
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: transglobal.co.in
Sending IP: 103.99.1.149
From: Yacoob,<yacoob@transglobal.co.in>
Subject: FW:Purchase OrderĀ 
Attachment: Purchase Order.xlsx 4.rar (contains "Purchase Order.xlsx (4).exe")

AgentTesla SMTP exfil server:
mail.framafilms.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
99
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5fb1cf2672a5b756121adaf6a9e2f15d5221eacd06f6f35e8a6f4127f6df0e76/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-08-08 08:09:40 UTC
AV detection:
16 of 28 (57.14%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=l6y46jtsuw3vmeq23l3ktyxrlvjcd2wna33pgxukn5asp5w7bz3a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/5fb1cf2672a5b756121adaf6a9e2f15d5221eacd06f6f35e8a6f4127f6df0e76

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 5fb1cf2672a5b756121adaf6a9e2f15d5221eacd06f6f35e8a6f4127f6df0e76

(this sample)

AgentTesla

Executable exe 354340be6e5dd978bf51da794fdf3b4972163070e349fe40e023399827e8e817

  
Dropping
MD5 685d9443c1dc6c8d9379b845ffbf6b86
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 354340be6e5dd978bf51da794fdf3b4972163070e349fe40e023399827e8e817

Comments