MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d79f5fbdf6a3c9820d97781a488ddfd3bec6b99a81da4e79a7d7b3079e83a36e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3
SHA256 hash: d79f5fbdf6a3c9820d97781a488ddfd3bec6b99a81da4e79a7d7b3079e83a36e
SHA3-384 hash: e8a021c6cc375195dd960327782b28df6912f81f867ba7935aad07b9490d7c1fea4b8506880df9232e6fabf758ec4904
SHA1 hash: 64fabfd56a8864c03534e8087e35eadbcfa7714b
MD5 hash: 85ac5cfdac2c1901ff8e544753c3950f
humanhash: purple-delaware-earth-berlin
File name: PO-TSP-732.IMG
Signature: AgentTesla
File size: 1'245'184 bytes
First seen: 2020-06-04 06:43:47 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:7aUDdC6VEt6p3SEKTWss1wUXchbxNbf46:7E6NpfViUX0xNbfP
TLSH: 2E454B393685A815E63D093348A55BD067B2AA433B12CB0F7BCA679C6F037CF3B45259
Reporter: abuse_ch
Tags: AgentTesla img

abuse_ch
Malspam distributing AgentTesla:

HELO: spl49.hosting.reg.ru
Sending IP: 37.140.192.41
From: sophia@weichuangmfg.com
Subject: Re:Order confirmation needed PO-TSP-732
Attachment: PO-TSP-732.IMG (contains "PO-TSP-732.exe")

AgentTesla SMTP exfil server:
mail.chenklins.com:587

Intelligence
File Origin
# of uploads: 1
# of downloads: 58
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2020-06-04 17:08:25 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla: img d79f5fbdf6a3c9820d97781a488ddfd3bec6b99a81da4e79a7d7b3079e83a36e (this sample)
  Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment

Comments