MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d66df2b3bfa4b38c091e6ef0435aaa7f7e4c83a6496083a019b7106f1eb91211. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d66df2b3bfa4b38c091e6ef0435aaa7f7e4c83a6496083a019b7106f1eb91211
SHA3-384 hash: 633af91d9cdc3afea405e081c981811faa21239e659beef0c6b4ff893a69608862b6c3cb417859eecbcd86b42e8fb295
SHA1 hash: 29efb71233b75ef076de0e2613340c3c7b52f2c9
MD5 hash: c51ceff70283cd638e45ff140847f4bb
humanhash: thirteen-finch-butter-lake
File name:Proof of payment.CAB
Download: download sample
Signature AgentTesla
Create hunting rule
File size:273'781 bytes
First seen:2020-05-25 15:21:21 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:JZPVPCVTkKbt11kg/aWfFXSVQwhBBpNGxZbtMWiZp6u6p:Jc11pFllxZ2WiZpBO
TLSH BA442349546ED67D708DE5F3BBBF27E4A61888B5AC82C3D1202AD60808C14594BFDDFE
Reporter abuse_ch
Tags:AgentTesla cab


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: email.trendyol.com
Sending IP: 190.117.101.190
From: Trendyol <seller@email.trendyol.com>
Reply-To: Trendyol <seller@email.trendyol.com>
Subject: RE: Statement of Account
Attachment: Proof of payment.CAB (contains "Proof of payment.exe")

AgentTesla SMTP exfil server:
mail.baglam.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.ArtemisTrojan.15865.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Autorun
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 15:35:52 UTC
File Type:
Binary (Archive)
Extracted files:
14
AV detection:
24 of 48 (50.00%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip d66df2b3bfa4b38c091e6ef0435aaa7f7e4c83a6496083a019b7106f1eb91211

(this sample)

AgentTesla

Executable exe 5fcb69f07137e2d2c29bb1acf23140bf46b03c6cf0a899d778b5093f2255fd0d

  
Dropping
MD5 46561dbae3b5988dc2294b6839e95830
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5fcb69f07137e2d2c29bb1acf23140bf46b03c6cf0a899d778b5093f2255fd0d

Comments