MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 68520ca94e106acdec31056d5d4b71abbee5eb535202106d7e88089d3836ea1e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 68520ca94e106acdec31056d5d4b71abbee5eb535202106d7e88089d3836ea1e
SHA3-384 hash: 7a8702e5c822f0576d3889b27f168d4551d3d9630647887cf6819df0902a999a417f0aec0ede9492e37ce2e9993cba2f
SHA1 hash: 17e384be5f68dd5e9ba74fc4dfbe2ef0af8452b0
MD5 hash: 1e4646fda67ae0cff02f5d40ba29dad1
humanhash: iowa-lima-solar-network
File name:SKMC_31052020106325_8307737263945.r00
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'001'418 bytes
First seen:2020-06-02 10:07:21 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 24576:rgToYOV2cj8lVZ4GiTbWF1ZByYTzi1wfNfTr:rgEvAdnZDiTbWH6kzTNfH
TLSH 43253366B4EE3C1337457C78E04060E9F71B9E9A716F0700D7750BAE61EC62A10B97AE
Reporter abuse_ch
Tags:AgentTesla r00


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mastercargointl.com
Sending IP: 156.96.45.138
From: ken.xiao@mastercargointl.com
Subject: New order
Attachment: SKMC_31052020106325_8307737263945.r00 (contains "SKMC_31052020106325_8307737263945.exe")

AgentTesla SMTP exfil server:
mail.brightpackaging.in:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
59
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 10:37:04 UTC
AV detection:
17 of 48 (35.42%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nbjazkkocbvm33bravwv2s3rvo7ol22tkibba3l6raej2obw5ipa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r00 68520ca94e106acdec31056d5d4b71abbee5eb535202106d7e88089d3836ea1e

(this sample)

AgentTesla

Executable exe 2dd7ab98c842ba266d58d3ad1495727981952821c2375d86b1423c137799a753

  
Dropping
MD5 c5d21ed424761888b455183f0ea59d32
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2dd7ab98c842ba266d58d3ad1495727981952821c2375d86b1423c137799a753

Comments