MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d1dc432b9686851d95e87a674417c96defc1900181965d62d540864fe8fb314c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d1dc432b9686851d95e87a674417c96defc1900181965d62d540864fe8fb314c
SHA3-384 hash: 0d8ae5460a4098a5b76c44707fe518d1811b1b89b7d1a40b4102e9c967bfc21a4725874ff3b34736573b5511ad0b1075
SHA1 hash: 89bf19eb6d17341ff6b564187aacdbf73b43c2e5
MD5 hash: 1d7f73d645f72d2a5749023ec3919435
humanhash: victor-nebraska-nebraska-delta
File name:Pallex ITALY_74648 PO.xls.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:382'516 bytes
First seen:2020-06-29 06:51:02 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:QEwz9zzrJUowZriDA2ZTKTcNgPM8ajasM/V57FEDNV2OVTkiEIivt2Uouez:Q5z9vrqoXDH5ymgE2sMzYhUovz
TLSH 268423D1836720FDA873F0AC3126FE91E90B450FEF2315904D246B88D1A65E2DE61BB6
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: zimbra207.megavelocity.net
Sending IP: 192.206.6.182
From: Hugo Alejandro-Pallex ITALY <ceo@budget1.in>
Reply-To: Hugo Alejandro-Pallex ITALY <pallex@italymail.com>
Subject: Re: Quote CIF Port of Brussels Belgium.
Attachment: Pallex ITALY_74648 PO.xls.rar (contains "Pallex ITALY_74648 PO.xls.exe")

AgentTesla SMTP exfil server:
premium57.web-hosting.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d1dc432b9686851d95e87a674417c96defc1900181965d62d540864fe8fb314c/
Threat name:
ByteCode-MSIL.Trojan.Skeeyah
Create hunting rule
Status:
Malicious
First seen:
2020-06-29 06:52:10 UTC
AV detection:
17 of 31 (54.84%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2hoegk4wq2cr3fpipjtuif6jnxx4deabqglf2ywvicde72h3gfga._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar d1dc432b9686851d95e87a674417c96defc1900181965d62d540864fe8fb314c

(this sample)

AgentTesla

Executable exe 0e1eab5a85308eb69043f0530b3e1cf40e054375c5b282875aac71a459a11179

  
Dropping
MD5 fbe2ff001f245eb276f770c8d4ccce19
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0e1eab5a85308eb69043f0530b3e1cf40e054375c5b282875aac71a459a11179

Comments