MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc47d336ced92b8b5a3f21ed86487398abf506482a927e86b12a3bccb12f817c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cc47d336ced92b8b5a3f21ed86487398abf506482a927e86b12a3bccb12f817c
SHA3-384 hash: 56a54bf2c2e3146318686673ce6b3988199df32d867a5f5327f869a2ebfe331859dc331c3e436c2e141a04899a4e6791
SHA1 hash: 11aeeec6bb4a0abc6dcaf9ef368142991854b41a
MD5 hash: 57bbf601b3c4bca895d9e67653b9eb92
humanhash: tango-mirror-friend-avocado
File name:Order-Project Procurement for May CK.cab
Download: download sample
Signature AgentTesla
Create hunting rule
File size:356'413 bytes
First seen:2020-05-11 12:06:30 UTC
Last seen:Never
File type: cab
MIME type:application/vnd.ms-cab-compressed
ssdeep 6144:643JJJJC01167dq/e8LL1yqdLjgXz6pKSo8H8hFLL4pLLwPLeDTZ5X5wXzjA6N:NvCg6qWsL1XozHL8H8hFLLywzeDTL5OD
TLSH D37423EB84C5C7022C2F22FBD10F3AA15176BB6D91D5286B13F65B0E4C1972BC689D63
Reporter abuse_ch
Tags:AgentTesla cab


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: [209.58.149.66]
Sending IP: 209.58.149.66
From: Hairil Bin <sumant.k@indiaelec.com.sg>
Subject: Order-Project Procurement for May
Attachment: Order-Project Procurement for May CK.cab (contains "Order-Project Procurement for May CK.exe")

AgentTesla SMTP exfil server:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.KillProc2.10392.26306.29065.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Reline
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 12:35:43 UTC
File Type:
Binary (Archive)
Extracted files:
1
AV detection:
21 of 48 (43.75%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zrd5gnwo3evywwr7ehwymsdttcv7kbsifkjh5bvrfi54zmjpqf6a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

cab cc47d336ced92b8b5a3f21ed86487398abf506482a927e86b12a3bccb12f817c

(this sample)

AgentTesla

Executable exe 6571a6a2f8b29ed6ff0f9df04eb1081d339d76f81f3e1cf83245f7d1485907cc

  
Dropping
MD5 5ef2b423b142c1352dbcfa93edaa064f
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6571a6a2f8b29ed6ff0f9df04eb1081d339d76f81f3e1cf83245f7d1485907cc

Comments