MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 83cdff4bc3ccf563e3ffdc3c5ea20eddbc1fd359fac1bfb2a352023c5e7f8ee7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 83cdff4bc3ccf563e3ffdc3c5ea20eddbc1fd359fac1bfb2a352023c5e7f8ee7
SHA3-384 hash: ba4a74732414cb1888e12bb4fa4b9958c9bb92782154fa3f30e7c98118cfa52496ef50adff2493fb5e44d66ac65c80f7
SHA1 hash: 27546741f6fe62c861da0ed1d445f761b75d9a36
MD5 hash: 2826b0e6be686481d914da745c64182c
humanhash: india-stairway-carbon-may
File name:TNT delivery details.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:398'999 bytes
First seen:2020-07-24 10:51:01 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:85dLbj4dVqyg6gq7kdacr49BoaAOlpEXDFGeaHFhe36JY0mkXlOEKc/0xe:8nvjMgDtqoaTeXDQFlhsSYwXlNK9xe
TLSH A48423DC9BE19BF3FB1B5B83D6B28146739717216B660C298253D4B93F873258084EB4
Reporter abuse_ch
Tags:AgentTesla rar TNT


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: cloudhost-75870.us-west-1.nxcli.net
Sending IP: 173.249.144.227
From: TNT EXPRESS <support@tnt.com>
Reply-To: support@tnt.com
Subject: TNT consignment details
Attachment: TNT delivery details.rar (contains "AFoGeK4PmcNVgTa.exe")

AgentTesla SMTP exfil server:
mail.flood-protection.org:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/83cdff4bc3ccf563e3ffdc3c5ea20eddbc1fd359fac1bfb2a352023c5e7f8ee7/
Threat name:
ByteCode-MSIL.Trojan.Masslogger
Create hunting rule
Status:
Malicious
First seen:
2020-07-24 10:52:07 UTC
AV detection:
23 of 48 (47.92%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qpg76s6dzt2why773q6f5iqo3w6b7u2z7la37mvdkibdyxt7r3tq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.45
Link:
https://yomi.yoroi.company/submissions/83cdff4bc3ccf563e3ffdc3c5ea20eddbc1fd359fac1bfb2a352023c5e7f8ee7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 83cdff4bc3ccf563e3ffdc3c5ea20eddbc1fd359fac1bfb2a352023c5e7f8ee7

(this sample)

AgentTesla

Executable exe 1471e8e6ac0fc93f251e6cc084c631818c2ca56f8acd22c0513d6bc7a5bff6e2

  
Dropping
MD5 c336dff17238047304411fb504581e7b
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1471e8e6ac0fc93f251e6cc084c631818c2ca56f8acd22c0513d6bc7a5bff6e2

Comments