MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5fe01d627d59d721854b8b82fc9239bc3297ab59a90c2b9669abf29ada57ef71. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5fe01d627d59d721854b8b82fc9239bc3297ab59a90c2b9669abf29ada57ef71
SHA3-384 hash: 2d86782fa6f507f6ad6588989bf2ec56f33cc54837a3eefef3d6bd68135e9d9abe16b7b40c92960d3686af2ac0dc727a
SHA1 hash: e0a09ca00d41bb5b5ace82ca1d73479e4a3b4280
MD5 hash: 372eaf1a02a21bacbf7c08981be06e7e
humanhash: batman-connecticut-freddie-river
File name:PAYMENT SWIFT.r24
Download: download sample
Signature AgentTesla
Create hunting rule
File size:722'344 bytes
First seen:2020-12-13 08:42:03 UTC
Last seen:2020-12-14 08:52:29 UTC
File type: rar
MIME type:application/x-rar
ssdeep 12288:W6eEjCsf0GaU2wvY1P5iDJfFOr8eO0Io0iErmXkUpMj5uuJj5L37G0Hkri0T9WlS:W6fOsMGs74womGikB3FLbfG0efp9
TLSH 43E43392B0F3FB0849E48D851DA3303B6E6A52D1B5926B90F843476FD72C57CF72948A
Reporter abuse_ch
Tags:AgentTesla R24


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: artoniandsamer.com
Sending IP: 92.223.79.102
From: Artoni&Samer srl <commercial@artoniandsamer.com>
Reply-To: Artoni&Samer srl <commercial@artonlandsamer.com>
Subject: PAYMENT SWIFT
Attachment: PAYMENT SWIFT.r24 (contains "EE09TR0098654.exe")

AgentTesla SMTP exfil server:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads :
2
# of downloads :
293
Origin country :
n/a
Vendor Threat Intelligence
Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5fe01d627d59d721854b8b82fc9239bc3297ab59a90c2b9669abf29ada57ef71/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-12-13 08:42:07 UTC
AV detection:
11 of 48 (22.92%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=l7qb2yt5lhlsdbklrobpzerzxqzjpk2zvegcxftjvpzjvwsx55yq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/5fe01d627d59d721854b8b82fc9239bc3297ab59a90c2b9669abf29ada57ef71

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 5fe01d627d59d721854b8b82fc9239bc3297ab59a90c2b9669abf29ada57ef71

(this sample)

AgentTesla

Executable exe cece846f69234defbd561899682dd1f687b8ed35ef5081a8a4cd3d7d8cbc7fe5

  
Dropping
MD5 4663cc332bb0a35d7fc8e95da82c13ec
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 cece846f69234defbd561899682dd1f687b8ed35ef5081a8a4cd3d7d8cbc7fe5

Comments