MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a554bc376b0de0edafd26515cdef88a10be12ce6bb324a5aea72471cb611207f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a554bc376b0de0edafd26515cdef88a10be12ce6bb324a5aea72471cb611207f
SHA3-384 hash: b037a21790569f3e8984e9ec4b6046d65ef17327dc55efa1e551ab8fa08c38b65973465f45d8ca89496c07cf17637b42
SHA1 hash: e6189e709cc3b3eb09af76cb6d94095e421ca367
MD5 hash: 7c770d6b9d663a31848d265c96470fcd
humanhash: bakerloo-apart-river-eight
File name:Payment Slip And Invvoices Paid_pdf.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'835'008 bytes
First seen:2020-11-07 10:27:26 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 24576:/HsOE7LndGzvUzyYCR0vEIcaLNfPbCPWm1/Wsf:/HspPdGz86R0vEraLNbCTuw
TLSH 458569E2EE43D65AC40A04FFF84FD46D8385DF1D57A88C465288F319127868DDAE84FA
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail-ogi-t59-f80.ogicom.net
Sending IP: 213.108.59.80
From: Konkurs|Account Payable <konkurs@septodont.com.pl>
Subject: Confirmation Of Invoice And Bank Details.
Attachment: Payment Slip And Invvoices Paid_pdf.img (contains "Payment Slip And Invvoices Paid_pdf.scr")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a554bc376b0de0edafd26515cdef88a10be12ce6bb324a5aea72471cb611207f/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-11-05 21:07:36 UTC
AV detection:
16 of 48 (33.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=uvklyn3lbxqo3l6smuk4334iuef6clhgxmzeuwxkojdrznqreb7q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img a554bc376b0de0edafd26515cdef88a10be12ce6bb324a5aea72471cb611207f

(this sample)

AgentTesla

Executable exe 51874d1c039e563df3c8f2603fb84827126a826b1ad37c54035b3a12e3bd4ff6

  
Dropping
MD5 2f439308ad6f98abf3304bb3758a58e2
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 51874d1c039e563df3c8f2603fb84827126a826b1ad37c54035b3a12e3bd4ff6

Comments