MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 71a83781eaac59acf542ab3aad132cb6732b26b784b666ca91b6ca688b095d2f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 71a83781eaac59acf542ab3aad132cb6732b26b784b666ca91b6ca688b095d2f
SHA3-384 hash: 0626345c5cd98051114c0d6a12b26ee98874bfd8d84ab4dd9635a854b7d82069d909b07d1bbf44e416fd807a693d0e83
SHA1 hash: 8e44c13694348dc87cea4a1c9aae941ad54ed9ef
MD5 hash: 84cf01b75371cf99b0add4e61c463b00
humanhash: tennis-alanine-grey-lake
File name:Purchase Order.pdf.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:457'262 bytes
First seen:2020-06-19 06:00:04 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:9GOfvV3XFmXiph08PaczWnvYj0GTqJ7fTVlG:9JV3XFmykESu0Gu7rVlG
TLSH 33A42380A85F06E16D9DB868ACAE43BCDE43548BBCB91154DB8F558F188B0F23CD4B57
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: web8.nmcutilities.in
Sending IP: 115.124.99.104
From: Engr. Gao Qing <qiaoanna@zpmc.com>
Subject: Re:Purchase Order CTPO18542# (HONG KONG)
Attachment: Purchase Order.pdf.rar (contains "Purchase Order.pdf.exe")

AgentTesla SMTP exfil server:
smtp.ahrass.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-19 06:01:15 UTC
AV detection:
18 of 31 (58.06%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ogudpapkvrm2z5kcvm5k2ezmwzzswjvxqs3gnsurw3fgrcyjluxq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 71a83781eaac59acf542ab3aad132cb6732b26b784b666ca91b6ca688b095d2f

(this sample)

AgentTesla

Executable exe 99096e97d0b0340bb5e00160316710348b3e37d5670c9e9264dd7d9cefe41aaa

  
Dropping
MD5 a8c081d972f01a74c9dab10a7ffc7f04
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 99096e97d0b0340bb5e00160316710348b3e37d5670c9e9264dd7d9cefe41aaa

Comments