MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 88c6a2560da78c748bf1416c5cc8b72dd65b167a39bbae018f98a5a9e6cb8845. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 88c6a2560da78c748bf1416c5cc8b72dd65b167a39bbae018f98a5a9e6cb8845
SHA3-384 hash: a0cf951bd71213db886703fe87abf862c14d0cc00d7fd76e9dee2f6b6ecd7ae4d5f9366eb0771d63107fbd506e3de64e
SHA1 hash: 968023c57cb42cc66122fc9fa235402fd05d56fc
MD5 hash: 459618b7e8c638293faa292f73bc4d58
humanhash: uranus-happy-social-xray
File name: Swift0211.scan.pdf..rar
Signature: AgentTesla
File size: 518'606 bytes
First seen: 2020-04-30 07:58:05 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:EzfvY0aiYr7VW3F05fTp/o1xQ5BalZ+iG6qNAuDy/dZ2f:UfvY0aiYri0/4GfaGiYNA0k2f
TLSH: 0CB423CA9B8DF3C21BE25B69A6657CCD14A9DC059BBC3542A8DB3D200140DDBD932DB1
Reporter: abuse_ch
Tags: AgentTesla rar


abuse_ch
Malspam distributing AgentTesla:

HELO: vato.com
Sending IP: 89.38.150.219
From: MLSCMCONSUMABLES <james@karensalazar.ml>
Subject: RE:RE:Payment
Attachment: Swift0211.scan.pdf..rar (contains "Swift0211.scan.pdf..exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 82
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Agenttesla
Status: Malicious
First seen: 2020-04-30 08:36:07 UTC
File Type: Binary (Archive)
Extracted files: 6
AV detection: 18 of 31 (58.06%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 88c6a2560da78c748bf1416c5cc8b72dd65b167a39bbae018f98a5a9e6cb8845 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
