MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c2e646e57bf390efac2f83b4fbc7e0e417a47c3f69ada557098298424bee2390. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c2e646e57bf390efac2f83b4fbc7e0e417a47c3f69ada557098298424bee2390
SHA3-384 hash: c9ea19b7a38b27942ad1a8f8a155bd5e97305a70ba87cdde7eadf97acf8907817dc276972577bb123bc950896fac3b27
SHA1 hash: 3fae65356f3b0c1050f0fbba645e1463cd86cd5d
MD5 hash: 3d6a0c698865bed94d905753e6bba095
humanhash: kentucky-mirror-single-five
File name:SOA.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:955'185 bytes
First seen:2020-05-25 15:49:13 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 24576:wYv9B2/A02jNZ40WCzcwLyg4JaJE3LG/VNj2PYKi+PY+2O7INcf9cH:FUA0aNi6YVg4JaJE3K/VNj2P7XINc6H
TLSH 2315339B8997AE919DD0B5ACDDFD06EB14CD323622ACFC88A23D437180D5366793211F
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: shinekoo.com.cn
Sending IP: 103.99.1.173
From: ACCOUNTS<op5@shinekoo.com.cn>
Subject: FROM FEBRUARY TO APRIL STATEMENT OF ACCOUNT ( URGENT!)
Attachment: SOA.rar (contains "SOA.exe")

AgentTesla SMTP exfil server:
mail.niftylabs.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 16:35:25 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
17 of 31 (54.84%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar c2e646e57bf390efac2f83b4fbc7e0e417a47c3f69ada557098298424bee2390

(this sample)

AgentTesla

Executable exe 8b9172b2c33f94978f53d0197c809c937264197976d1c9f5fb027fd29280250b

  
Dropping
MD5 8a8f7f498f4c15da29dc67de0e5d6603
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8b9172b2c33f94978f53d0197c809c937264197976d1c9f5fb027fd29280250b

Comments