MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 996da50bb2b0b3749b76592243a670348e027533ea4d337ecf2131daaace8a46. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 996da50bb2b0b3749b76592243a670348e027533ea4d337ecf2131daaace8a46
SHA3-384 hash: 599c3c00b7fd8492cfd103494c81bd3c912cd29174cf3ae0868d35fa6169fe65cf150793c281dd6310aa31778a091a5f
SHA1 hash: 97e3860629e6bcc2d3f627adfccd90b3e7465a41
MD5 hash: 8dcbf20852cd71e7bb5e3d9a404802fe
humanhash: november-earth-cardinal-pasta
File name: COVID-19 Communication to corporate Clients..rar
Signature: AgentTesla
File size: 1'324'606 bytes
First seen: 2020-03-31 07:06:46 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 24576:LZzXLLGfUr0TbknVRMi5WT52lkYbZT8ZYmG8P93uZpJ+5/BDjGzVtor:LZS8rcAQuW52lkYbZulG8+05/BDCzVq
TLSH: BE5533214041B87E9CCCFB61C2CA4D233792A75559888F4AA7BD50A53C5D3AD8EDCB8F
Reporter: abuse_ch
Tags: COVID-19, rar


abuse_ch
COVID-19 malspam distributing AgentTesla:

HELO: smtp.smlab.ma
Sending IP: 163.172.133.4
From: hdridelli@gpa-export.com
Subject: Important Notice to Our Corporate Clients & Partners - COVID -19
Attachment: COVID-19 Communication to corporate Clients..rar (contains "COVID-19 Communication to corporate Clients..exe")

AgentTesla SMTP exfil server:
mail.rajalakshmi.co.in:587 (43.225.55.205)

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 80
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-03-31 18:39:47 UTC
AV detection: 23 of 31 (74.19%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 996da50bb2b0b3749b76592243a670348e027533ea4d337ecf2131daaace8a46 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
