MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ef4f226faa6c2cc57b44e919030efad68bedb81613d4d04eaf88e468249ff3ee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ef4f226faa6c2cc57b44e919030efad68bedb81613d4d04eaf88e468249ff3ee
SHA3-384 hash: 7c5b8f7bba8bf9cee8d6e96941b041ddfd6337a56dcaf953433b5253517e49e55b3007da23908b8eff139c46bb53de9e
SHA1 hash: 2a905584a40ffc783341d70868fabeafd2d60a1d
MD5 hash: 124c4a26de5791f9e3b844112e6e2557
humanhash: seven-video-monkey-august
File name:PRODUCT LISTS.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:415'985 bytes
First seen:2020-04-01 12:31:04 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:2Lz5guY/CHnOuQhsB207d+8ao0qhONSZZEPjrkba90/haPuICsaRtCD9/:25gIHQZe9aY0NSsPsO0/hN+aLuh
TLSH 639423ED9AB7B82C4037489B7779094DC629EE76723E22267169DAEF4C443D2D433207
Reporter abuse_ch
Tags:AgentTesla COVID-19 rar


Avatar
abuse_ch
COVID-19 themed malspam distributing AgentTesla:

HELO: linux1117.grserver.gr
Sending IP: 95.216.16.146
From: U.S. Department of Health & Human Services <Hubert@ushealthdep.com.us>
Subject: URGENT NEED: U.S. Department of Health & Human Services/COVID-19 Face\x0a Mask/ Forehead thermometers..
Attachment: PRODUCT LISTS.rar (contains "PRODUCT LISTS.exe")

AgentTesla SMTP exfil server:
smtp.bapipl.com:587 (208.91.199.224)

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-01 12:35:52 UTC
File Type:
Binary (Archive)
Extracted files:
5
AV detection:
18 of 47 (38.30%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=55hse35knqwmk62e5emqgdx222f63oawcpknatvprdsgqje76pxa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar ef4f226faa6c2cc57b44e919030efad68bedb81613d4d04eaf88e468249ff3ee

(this sample)

AgentTesla

Executable exe 4587ca2f64d875b1d6e41906a820696f7d9d813f8f8401b6e0728cfbb348415f

  
Dropping
MD5 bbb8e97baf68937ad4d37f1ee142b581
  
Dropping
SHA256 4587ca2f64d875b1d6e41906a820696f7d9d813f8f8401b6e0728cfbb348415f
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4587ca2f64d875b1d6e41906a820696f7d9d813f8f8401b6e0728cfbb348415f

Comments