MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a797c556e558dc49087253d827aa0381d839991bb75820bc6d36e1a0bb6ad0b1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: a797c556e558dc49087253d827aa0381d839991bb75820bc6d36e1a0bb6ad0b1
SHA3-384 hash: 3527865ecc39bc356f2c5bb18eb92b29f7691eebec78817eef803fba0c6fb5121778d3a08228fd8896c3bad17b2387de
SHA1 hash: d400f4e3d267217cdce7a71814b15c76343b1d18
MD5 hash: f8194482cb7045e90a5d44018063ba8c
humanhash: minnesota-zebra-bacon-oxygen
File name: AWB-18267638920511_ES.rar
Signature: AgentTesla
File size: 448'301 bytes
First seen: 2020-11-06 07:22:58 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:YhXp/9wYJ4CAwTbSeQdRKm2ruozktgPm//jsM3nxVyCI1wbWvXRJs7oCfy3orjZQ:EP6Crbs3KmUuoXm//4WqbcKv3oXG
TLSH: 0C9423EC3224C656FF7839EB329B9B001665F1D33569ECD28E44A51C6A1A52ECF8701F
Reporter: abuse_ch
Tags: AgentTesla rar


abuse_ch
Malspam distributing AgentTesla:

HELO: srvc210.trwww.com
Sending IP: 94.199.200.211
From: Antonio Salces Chacon (DHL ES) <AntonioSalcesChacon@dhl.com>
Subject: Documentos de envío
Attachment: AWB-18267638920511_ES.rar (contains "AWB-18267638920511_ES.exe")

AgentTesla SMTP exfil server:
mail.jjfconsultores.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 78
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2020-11-06 06:12:05 UTC
AV detection: 12 of 48 (25.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar a797c556e558dc49087253d827aa0381d839991bb75820bc6d36e1a0bb6ad0b1 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
