MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 659dec5bd165052cbf026d7c51794bbdc3cf5e28db286e46a5f73d256c214516. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 659dec5bd165052cbf026d7c51794bbdc3cf5e28db286e46a5f73d256c214516
SHA3-384 hash: a6bad9586e8eb56973748c26d3573bff4ec8fabb5d1eae5e97e198f43af525193367c5a2550bc74e916af288defcbcb5
SHA1 hash: a71394b8fd600dc6a45911a80d3aa137dbf4a76a
MD5 hash: a33391af91477ef35ad63f767821f2a7
humanhash: spring-king-october-glucose
File name:Paymentcopy.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'211'556 bytes
First seen:2020-05-03 16:08:17 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 24576:IxJTvqqBhAVOH1cnvQPUCO5UwN64Ebo3gpST4geSS5waVL:IrvqADHJUL5ZupcJaF
TLSH 1C4533C9719F45873396AB3870C8907D837948DF1937DAAC8B36E79A1C18BBFA584C44
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: egyptian.birch.relay.mailchannels.net
Sending IP: 23.83.209.56
From: Accounting Department <booking@dubaisafariplus.com>
Subject: SWIFT Transfer TODAY
Attachment: Paymentcopy.rar (contains "Paymentcopy.exe")

AgentTesla SMTP exfil server:
mail.grangeresort.com:587

AgentTesla SMTP exfil email address:
info@grangeresort.com

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-03 16:35:27 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
19 of 48 (39.58%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mwo6yw6rmucszpycnv6fc6klxxb46xri3mug4rvf646sk3bbiula._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 659dec5bd165052cbf026d7c51794bbdc3cf5e28db286e46a5f73d256c214516

(this sample)

AgentTesla

Executable exe 47ff742f6ae59b63d6ac7dceacf44797a36f453b95813dd19fef90cd86bfe580

  
Dropping
MD5 14d8117d5584868ca52541790c2c3b60
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 47ff742f6ae59b63d6ac7dceacf44797a36f453b95813dd19fef90cd86bfe580

Comments