MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d1c8b35b4776cb6c33004ea73dfc6f616be467b53a3bf8a0790f311e91ac3ef2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d1c8b35b4776cb6c33004ea73dfc6f616be467b53a3bf8a0790f311e91ac3ef2
SHA3-384 hash: 292dc62122bd5fb5ecb12f1a0da9946872227e7736a2554d316250f30a3d75c403409d20ac538b56fcb70ed23e30e3f2
SHA1 hash: e95ffdb39ff291fb0ff0d7644c11cbcd6c5e89fc
MD5 hash: 8850d293b09a8811431469a7b682c437
humanhash: island-beryllium-alpha-oscar
File name:JUSTIFICANTETRANSFERENCIA.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:395'917 bytes
First seen:2020-06-04 13:22:37 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:+hG4ZwCSL9LnfpIGc9gwqrmKgxS6fSK5i17l3kbMH8:E+pBGmsKwuWMc
TLSH 1E8423F1BE322C933AB508A62D325D81E5FE15AB752B347C4D031658A581A6FFE2C742
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.strongmailvault.com
Sending IP: 111.90.144.228
From: info@yosungroup.ga
Subject: Rv: Evidencia de pago
Attachment: JUSTIFICANTE TRANSFERENCIA.rar (contains "JUSTIFICANTE TRANSFERENCIA.exe")

AgentTesla SMTP exfil server:
smtp.imconstructions.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 13:36:42 UTC
AV detection:
19 of 48 (39.58%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2helgw2ho3fwymyaj2tt37dpmfv6iz5vhi57ridzb4yr5enmh3za._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar d1c8b35b4776cb6c33004ea73dfc6f616be467b53a3bf8a0790f311e91ac3ef2

(this sample)

AgentTesla

Executable exe 6c1d19babfa606ff54c791d86f53bc2fae6def5a101c3205d741d6fb1e5c3cc4

  
Dropping
MD5 1ec08a9e0b94e8cc91815685c57254c6
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6c1d19babfa606ff54c791d86f53bc2fae6def5a101c3205d741d6fb1e5c3cc4

Comments