MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a068d2a7c2ff644a5f732cc37d76db4263a351f82141d2bd441504c774c17089. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a068d2a7c2ff644a5f732cc37d76db4263a351f82141d2bd441504c774c17089
SHA3-384 hash: 818968f873e7b38ae8d3d91165fc8e9e11d68e951042ff00d2e5f47070e60b757d541867bdad26f455de933457b017e1
SHA1 hash: 992261c6b0d182189e1d74a7d314fc9c7ecd691f
MD5 hash: ee5b2700c7f8f052e8beba9b553e619b
humanhash: pennsylvania-fruit-iowa-thirteen
File name:INVOICE_F46-13 .rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:568'087 bytes
First seen:2020-12-05 15:26:51 UTC
Last seen:2020-12-09 15:26:37 UTC
File type: rar
MIME type:application/x-rar
ssdeep 12288:8TIJexbH1djpAgxvGG10WY5yYyribQIK6YslRcviuV3HTMk/2MvTxG:8TIandHhGFy1cvcviuHTAyT8
TLSH 6AC423B7CB615FC0811394EC5ED6AEAE10ADB93C9C4D89B8813B165DC0FA0DE29D5E1C
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: invoice.txffp.com
Sending IP: 103.99.1.146
From: Amruta Kulkarni (SumiRiko AVS)<service@invoice.txffp.com>
Subject: RE: Re: [Most Urgent] F46-13 INVOICE
Attachment: INVOICE_F46-13 .rar (contains "INVOICE_(F46-13 ).exe")

AgentTesla SMTP exfil server:
mail.transgear.in:587

Intelligence

File Origin
# of uploads :
6
# of downloads :
339
Origin country :
n/a
Vendor Threat Intelligence
Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a068d2a7c2ff644a5f732cc37d76db4263a351f82141d2bd441504c774c17089/
Threat name:
ByteCode-MSIL.Backdoor.Androm
Create hunting rule
Status:
Malicious
First seen:
2020-12-05 15:27:08 UTC
AV detection:
12 of 48 (25.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ubunfj6c75seux3tftbx25w3ijr2gupyefa5fpkecucmo5gboceq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/a068d2a7c2ff644a5f732cc37d76db4263a351f82141d2bd441504c774c17089

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar a068d2a7c2ff644a5f732cc37d76db4263a351f82141d2bd441504c774c17089

(this sample)

AgentTesla

Executable exe 1d35fbe1961f63fcc426c5a332d5dfc93dd051ecdfd17ea47790f80f22171ce1

  
Dropping
MD5 19051a2ab285284f277ec3c35bf3784f
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1d35fbe1961f63fcc426c5a332d5dfc93dd051ecdfd17ea47790f80f22171ce1

Comments