MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ed5ff90bf75779d13250384ca760ac821ad07de586cec1232551774024098658. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: ed5ff90bf75779d13250384ca760ac821ad07de586cec1232551774024098658
SHA3-384 hash: 33f2be29c8a6976f9adbd9c9afbe6d80345b866b85a61e5aa69bf5cf98d8a3d2f0622eba60fe119c5c997dd810841ddd
SHA1 hash: b7344ee8ac4e45ba217b78fab031dcd798454154
MD5 hash: 2885ee22c9885bba1a8aeab23e0c435d
humanhash: fix-zulu-wisconsin-pizza
File name: E-20816.rar
Signature: AgentTesla
File size: 439'045 bytes
First seen: 2020-08-16 14:51:29 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:ETYVhSmL5nQjStJvsWyl7rYa+Fi7LLFoRp33S7iNH:ETahD5QjStpby1YTF83A3Su1
TLSH: 399423EEEA2B70590FCD5DE0FD6A5ABF2453259881DDC6B73019ECC448F31240669EA3
Reporter: abuse_ch
Tags: AgentTesla rar


abuse_ch
Malspam distributing AgentTesla:

HELO: lot.lotusfood.online
Sending IP: 192.232.224.248
From: Purchasing <april_andreas@yahoo.com>
Reply-To: april_andreas@yahoo.com
Subject: ENQUIRY
Attachment: E-20816.rar (contains "E-20816.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 82
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2020-08-16 14:53:05 UTC
AV detection: 4 of 48 (8.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar ed5ff90bf75779d13250384ca760ac821ad07de586cec1232551774024098658 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
