MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 99dfff5aea67bbe0ac65e9f104f6fd78d7a285022691d21e1ffa6d9643090604. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 99dfff5aea67bbe0ac65e9f104f6fd78d7a285022691d21e1ffa6d9643090604
SHA3-384 hash: 01f9655966cd8a0dbce9591983ed9aa8fe739dc0cfa50c2a2d618a6d5f86a7d5737d36730bb1f013e904e56991410b1b
SHA1 hash: 9a02a2aefbc00a679b9931cbe0862a3b5748fc12
MD5 hash: dbed9c750fe523df2b37fa330b504668
humanhash: double-oranges-michigan-green
File name:Scan Copr_PO-00139817927789.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:2'782'765 bytes
First seen:2020-05-13 06:18:00 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 49152:YDFrA+NxFV/F/U+HtyaDzmO7MteN+ds1+uc7WmeIfVA1THr7j80JlXTm:YDqgxF9F/HDzm2JfS+iK1L7j/XTm
TLSH 4CD5332999806E1363B91CC366A70E691C3B643AEDE3D93DD20D57A503EE4CD0FC5CA9
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: se1f-lax1.servconfig.com
Sending IP: 173.231.224.6
From: fc@engaano.com
Subject: Fwd: PO-#00139817927789 (Amended)
Attachment: Scan Copr_PO-00139817927789.rar (contains "cv.exe")

AgentTesla FTP exfil server:
insooryaexpresscargo.com:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 06:37:11 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
14 of 31 (45.16%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=thp76wxkm656bldf5hyqj5x5pdl2fbice2i5ehq77jwzmqyjayca._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 99dfff5aea67bbe0ac65e9f104f6fd78d7a285022691d21e1ffa6d9643090604

(this sample)

AgentTesla

Executable exe a500af65cdde463b260205bf423f59e03a3f3ffbff5838af44ad46172d5554b9

  
Dropping
MD5 8e2d91235bb4934329abf1a295046231
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a500af65cdde463b260205bf423f59e03a3f3ffbff5838af44ad46172d5554b9

Comments