MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e253fe1f062bcc063fcad6e3b409271a7fa2eddab78f7a55c09af77d4f347e39. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e253fe1f062bcc063fcad6e3b409271a7fa2eddab78f7a55c09af77d4f347e39
SHA3-384 hash: 4bd23b2e18754bfb634b03a29926b46cf5cab7e04fa4754242c9fc5f129e0ee4e724bc0079480b64c5d3c32733a44265
SHA1 hash: de34c40a40fae474507ba0bb4490db307ad5dd50
MD5 hash: 5c3fb6a63f2ddcaf466c73aaf05b0bdd
humanhash: quiet-equal-yellow-vermont
File name:Paymentslip.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'175'801 bytes
First seen:2020-05-01 17:33:41 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 24576:DVheaCcUAts48VCpCL565cL2MFFzZz4JD4D/Jeow:7eaKAtsjVCpCL4WDsU/C
TLSH 8545332B4F4B5A6FA4F771E699C3FE127868C615B70CABE04238E3A553297377439006
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: zebra.vivawebhost.com
Sending IP: 78.128.60.93
From: ACCOUNT DEPARTMENT <kate@advendashersafaris.co.ke>
Subject: SWIFT Transfer TODAY
Attachment: Paymentslip.rar (contains "Paymentslip.exe")

AgentTesla SMTP exfil server:
mail.grangeresort.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-01 17:35:25 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
16 of 48 (33.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=4jj74hygfpgamp6k23r3icjhdj72f3o2w6hxuvoatl3x2tzupy4q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar e253fe1f062bcc063fcad6e3b409271a7fa2eddab78f7a55c09af77d4f347e39

(this sample)

AgentTesla

Executable exe 91af9754037394b1767f053d85d87630bed3ba9a52ca6865c2805b8c733b1b5c

  
Dropping
MD5 207cdd8788755c786405e7b711eaf4d9
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 91af9754037394b1767f053d85d87630bed3ba9a52ca6865c2805b8c733b1b5c

Comments