MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c34e270b42c9783480542df099278242ce3e5d2b20c68cbd4c1a09a01d88de7f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c34e270b42c9783480542df099278242ce3e5d2b20c68cbd4c1a09a01d88de7f
SHA3-384 hash: cb45bd691de211d907a6bfdf88d3b67883cf7f0d8747c7c327c7dd5f71e20bf9f92548ee7a59dc2e7b16c1a3f3a2fdcc
SHA1 hash: b708b216c8451d43425686789e5b8fdd96e268a4
MD5 hash: c6121f19cea2262fa07f995496ff7042
humanhash: iowa-lemon-fruit-snake
File name:PO200432.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:402'765 bytes
First seen:2020-05-20 07:08:13 UTC
Last seen:2020-05-20 07:08:58 UTC
File type: rar
MIME type:application/x-rar
ssdeep 12288:BDXFI9F+y1cBg3IfhL10+AmJNgmsE/Z7hbqK6:pXF8fcBgYfr0ogm1/Te
TLSH 518423654D4CCA478C16170AE93D183FB6CE81BD4A12267CA4B9F8C61B7DCB4117EA8E
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: egyptianlng.com
Sending IP: 103.99.1.148
From: ELNG Buyer6 <elng.buyer6@egyptianlng.com>
Subject: PO# 200432
Attachment: PO200432.rar (contains "PO#200432.exe")

AgentTesla SMTP exfil server:
mail.himdiesel.com:587

Intelligence

File Origin
# of uploads :
2
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27363.Rar5Heur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-20 07:20:36 UTC
File Type:
Binary (Archive)
Extracted files:
288
AV detection:
17 of 30 (56.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ynhcoc2czf4djacufxyjsj4cilhd4xjleddizpkmdie2ahmi3z7q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar c34e270b42c9783480542df099278242ce3e5d2b20c68cbd4c1a09a01d88de7f

(this sample)

AgentTesla

Executable exe 212c81cd9b00f937eb5604a19504ea8588315ff4e8c0610dcc78016a93967fbd

  
Dropping
MD5 75b2819bf8d2e69f3cf01036eba669e1
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 212c81cd9b00f937eb5604a19504ea8588315ff4e8c0610dcc78016a93967fbd

Comments