MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d598e75a9f56eb7e27c7fe2dac26946e6060428eb16138caba9b715000da074d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d598e75a9f56eb7e27c7fe2dac26946e6060428eb16138caba9b715000da074d
SHA3-384 hash: 08aea98dc077e8fe7b2c3278eca768542b68121e16230491a480652efa894da0d15d4be96d213cc77226773bf7e6bef6
SHA1 hash: 948c4178d4feffe896648c5b25ba77950f83f46c
MD5 hash: e2414f3710396c1b16c605f28fb7392f
humanhash: paris-fifteen-video-mockingbird
File name:Lombard order.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:319'773 bytes
First seen:2020-07-16 19:11:33 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:fB86L832SoWhm65epLemMGqHhxF1nzwR1GQH6YNF1imH2rNXMI:LgNo4epaYqfF662NF1qxcI
TLSH E56423496427DF5CCD71B2958662C7094021911BAFFE03EC216ED2C1D997ACAC8BEF36
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: pelanduk.empatdns.com
Sending IP: 180.235.149.75
From: Edwin Su <redaksi@suarakaltim.com>
Subject: New orders
Attachment: Lombard order.rar (contains "Lombard order.exe")

AgentTesla SMTP exfil server:
smtp.epaindemgroup.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d598e75a9f56eb7e27c7fe2dac26946e6060428eb16138caba9b715000da074d/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-07-16 19:13:04 UTC
AV detection:
9 of 48 (18.75%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2wmoowu7k3vx4j6h7yw2yjuunzqgaquowfqtrsv2tnyvaag2a5gq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar d598e75a9f56eb7e27c7fe2dac26946e6060428eb16138caba9b715000da074d

(this sample)

AgentTesla

Executable exe bcdf903e15833b193349df7405af34e9b48a943c703d3ce222d82911e6e7d6f8

  
Dropping
MD5 3654c785bc5bc37d4ab31a354a6aab57
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 bcdf903e15833b193349df7405af34e9b48a943c703d3ce222d82911e6e7d6f8

Comments