MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bc2abf8ad4c2f193545988068314d2be4e7321d556c512d3c690f26c6b24dda9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bc2abf8ad4c2f193545988068314d2be4e7321d556c512d3c690f26c6b24dda9
SHA3-384 hash: 255c77271b8631b37bf3fd392eba99f47d3b7112259cc8a2aafa1c3dc047ff6e9fa5c27fc20c95052b3944c23ef24a5e
SHA1 hash: afe7637d817878ec9774f68847f15df5e61ae408
MD5 hash: 9abb0c2ea24910b0f4c8d2b054c8b6fc
humanhash: sweet-leopard-nine-whiskey
File name:New Doc 80788 2020-06-04 17.22.48.arj
Download: download sample
Signature AgentTesla
Create hunting rule
File size:348'414 bytes
First seen:2020-06-05 19:17:38 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 6144:6CHcvXR8Bcv5ARVNq5MTYgAwbxDBVgXSr7fnZ9oY+2j4C3l+eavH:PZegTIwlbaSrrnLoY+2Z1+1
TLSH B474230FE0622F545AB6335A04223AE25D20E9F6B7A0155D0EEE7FF806D4687CD83F24
Reporter abuse_ch
Tags:AgentTesla arj Yahoo


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: sonic307-27.consmr.mail.sg3.yahoo.com
Sending IP: 106.10.241.44
From: ASIAENGG Front Office <reception@asiaengg.com>
Subject: Re: Returned Payment
Attachment: New Doc 80788 2020-06-04 17.22.48.arj (contains "New Doc 80788 2020-06-04 17.22.48.exe")

AgentTesla SMTP exfil server:
webmail.dragon-pack.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Infostealer.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-06-05 19:19:03 UTC
AV detection:
11 of 48 (22.92%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xqvl7cwuylyzgvczradigfgsxzhhgiovk3crfu6gsdzgy2ze3wuq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

arj bc2abf8ad4c2f193545988068314d2be4e7321d556c512d3c690f26c6b24dda9

(this sample)

AgentTesla

Executable exe b5258ddc74fd2d455241f16d2505ab8c67b590fde3f5475be867e28c7856be07

  
Dropping
MD5 bfa3f50f22087af2d2005fdbbd9fc1db
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b5258ddc74fd2d455241f16d2505ab8c67b590fde3f5475be867e28c7856be07

Comments