MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6454291b01ee975319119e1e47632e0b357deed006941cfb85eee890daf4f937. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6454291b01ee975319119e1e47632e0b357deed006941cfb85eee890daf4f937
SHA3-384 hash: 1f133ee7ef2cd8d1ee3555f5d95f4409ae0b326148755ce9801e2838e0590a7627096ff2a203b883e6e63dd057b9eb34
SHA1 hash: cf94b8c612ed982d7712965ad73531b2b2114c9f
MD5 hash: 450ffbb80431258729b079e44d12e7ce
humanhash: cold-michigan-alaska-whiskey
File name:Company profile new.pdf.001
Download: download sample
Signature AgentTesla
Create hunting rule
File size:414'498 bytes
First seen:2020-05-19 06:58:07 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:XFiDccYXPNJlYGKqy0hnaQmkPNStM2KgWKlo8nj:1iDdYXvuv0hnT4RWK9j
TLSH A6942322793B3EF1DC25E71CAAE58930765798E815053E3E6CEFDB881CD249054A8F2D
Reporter abuse_ch
Tags:001 AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: almullagroup.com
Sending IP: 209.58.149.76
From: Nabeel Mahmood <nabeeldxb@almullagroup.com>
Subject: COMPANY PROFILE - HVAC PRODUCT SUPPLIER
Attachment: Company profile new.pdf.001 (contains "Company profile new.pdf.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-19 18:16:26 UTC
File Type:
Binary (Archive)
Extracted files:
288
AV detection:
25 of 48 (52.08%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mrkcsgyb52lvggirtypeoyzobm2x33wqa2kbz64f53ujbwxu7e3q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 6454291b01ee975319119e1e47632e0b357deed006941cfb85eee890daf4f937

(this sample)

AgentTesla

Executable exe 9251aefb3d0f5c1a21c9de09cb545c28e64c99c7424cba4021248f2cd35e6409

  
Dropping
MD5 52a72dc77006de5d7e20c1f61a8ed88c
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9251aefb3d0f5c1a21c9de09cb545c28e64c99c7424cba4021248f2cd35e6409

Comments