MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d5d039713bf1fc7ec618e22f918a762f9b0637dea7aa8802fc681866a245b4a1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d5d039713bf1fc7ec618e22f918a762f9b0637dea7aa8802fc681866a245b4a1
SHA3-384 hash: 67cfa0f943e3375fe2e459c0d62edbcbaac7aea0e97c135d21e1ced500f0f03eb25c65966874a84207aed5d96bb6f58a
SHA1 hash: af94aa7561e33c0b0cb367926649e89fa631a6a1
MD5 hash: 0b41666dd4cbf761f388ba01b0c11543
humanhash: angel-fruit-whiskey-blue
File name:P01307020.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:656'454 bytes
First seen:2020-07-13 06:23:59 UTC
Last seen:2020-07-13 06:25:12 UTC
File type: rar
MIME type:application/x-rar
ssdeep 12288:P8F07tZ3hc+UpA/6N2+IJ+RfJRn6I0PPGUvjh+SXWyaGtZNtYsf:BhjU2+IJWP6I2vjAmWqvvf
TLSH 29D42339B2D9E2021ED8DF88CC836782DF1F825CC66464AE395B7A78791D31683C51F1
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: virtualhost.com.tw
Sending IP: 175.183.3.134
From: PT. Gamako Ekakarsa <sales@gamako.co.id>
Reply-To: jr210131mr@gmail.com
Subject: NEW ORDER
Attachment: P01307020.rar (contains "P0#1307020.bat")

AgentTesla SMTP exfil server:
mail.sonorainmuebles.com:587

Intelligence

File Origin
# of uploads :
2
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d5d039713bf1fc7ec618e22f918a762f9b0637dea7aa8802fc681866a245b4a1/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-13 06:25:08 UTC
AV detection:
21 of 48 (43.75%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2xids4j36h6h5rqy4ixzdctwf6nqmn66u6viqax4namgnisfwsqq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar d5d039713bf1fc7ec618e22f918a762f9b0637dea7aa8802fc681866a245b4a1

(this sample)

AgentTesla

Executable exe 444192ef5b35be5a6f8ef611430c1b75df0f51aced396b7ca84e6efb18702da6

  
Dropping
MD5 7786918375ffa948cc7e01006828caa1
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 444192ef5b35be5a6f8ef611430c1b75df0f51aced396b7ca84e6efb18702da6
  
Dropping
SHA256 cf4cf0f064bbd1115fdee0971c7ffc9a474984eeda8107040589b425ae1a6605
  
Dropping
MD5 735f03674a0a65c14088e18657694fe9

Comments