MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 913bc2a3f61f847f8c2c1b13f46443eea070f7c6cc28cc630fa6fef2750492c8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 913bc2a3f61f847f8c2c1b13f46443eea070f7c6cc28cc630fa6fef2750492c8
SHA3-384 hash: c1c528626ad0e650dea710499f5905142fea67e02956c2f48d4f1ec9f833beab24d37efd847e2b8870fe782daafb029e
SHA1 hash: 045f14f20fa380fbd7b8fbec9b57d5070567e97d
MD5 hash: 8ec993260e1432bba8f5acdf5fc8d870
humanhash: tango-muppet-oxygen-missouri
File name:Pago.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:384'206 bytes
First seen:2020-12-02 09:08:37 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:37P2gmetOxXQuYz7B1s0JkMCMMB+DVo66a+y/qK84uE9bNwYxRW:T2gfi8A6tXhDG66V2bekI
TLSH 968423B34A63944E8DD86FE27AABC7117A2771A78C4DA1E0CA46EB4C341C51A3F15FC4
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: sl20.grupo-open.net
Sending IP: 147.135.136.63
From: Sandra Sánchez <sandra.sanchez@multiforma.es>
Reply-To: Sandra Sánchez <yos.afffandi@gmail.com>
Subject: Re: Pagos
Attachment: Pago.rar (contains "Pago.exe")

AgentTesla SMTP exfil server:
mail.tri2win.co.nz:587

AgentTesla SMTP exfil email address:
boy92454@gmail.com

Intelligence

File Origin
# of uploads :
1
# of downloads :
133
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.20970.5665.UNOFFICIAL
Create hunting rule

Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/913bc2a3f61f847f8c2c1b13f46443eea070f7c6cc28cc630fa6fef2750492c8/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=se54fi7wd6ch7dbmdmj7izcd52qhb56gzqumyyypu37pe5ieslea._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/913bc2a3f61f847f8c2c1b13f46443eea070f7c6cc28cc630fa6fef2750492c8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 913bc2a3f61f847f8c2c1b13f46443eea070f7c6cc28cc630fa6fef2750492c8

(this sample)

AgentTesla

Executable exe efcd8b4258174d99d21ed0be8a946ca98787e58543194208301af6189ae39f84

  
Dropping
MD5 f3a041bea9312320ae941df96a62f0fe
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 efcd8b4258174d99d21ed0be8a946ca98787e58543194208301af6189ae39f84

Comments