MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ef56586f5864bc21dc181a780f557ece1dca5f8b5b2d23ce1362f8867246e169. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 2



SHA256 hash: ef56586f5864bc21dc181a780f557ece1dca5f8b5b2d23ce1362f8867246e169
SHA3-384 hash: 3f2bc579e935f34663d1cfc09f94daeb430fa0679f197bb9e322e9c8dfe7a4ccc8636f78dbb397ea91b0d5fde4f40422
SHA1 hash: 69af6e0a489e7cc4c5e0fd152e033892dc1b8a9b
MD5 hash: 6d259da565322428eaae29463428a0b3
humanhash: dakota-four-neptune-princess
File name: 74658786790.GZ
Signature: AgentTesla
File size: 236'560 bytes
First seen: 2020-05-25 12:33:30 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 6144:i1rphtqpDFufqBbou7rABw4lT1CA3SaZU+pTUc:ihUR9Fo4ANZp3q+Gc
TLSH: 5C3422FD3F521AE68AA582DDC7E8BD7BD6C700141BF4642B846CBC032187A174CB7969
Reporter: abuse_ch
Tags: AgentTesla, ESP, geo, gz, Santander


abuse_ch
Malspam distributing AgentTesla:

HELO: ecorreo.avanzas.com
Sending IP: 185.176.8.27
From: Factoring y Confirming - Grupo Santander <fycuot@gruposantander.com>
Subject: Confirming - Aviso de pago
Attachment: 74658786790.GZ (contains "74658786790.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 58
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Injector
Status: Malicious
First seen: 2020-05-25 12:37:23 UTC
File Type: Binary (Archive)
Extracted files: 5
AV detection: 21 of 48 (43.75%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  -> AgentTesla: gz ef56586f5864bc21dc181a780f557ece1dca5f8b5b2d23ce1362f8867246e169 (this sample)
  -> Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment
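Two details on this page are what a mail gateway would key on for this lure: the reporter lists a relaying host (ecorreo.avanzas.com) that is not under the From domain (gruposantander.com) and a .GZ attachment whose member is an .exe, and the entry records the file type as gz alongside a MIME type of application/x-rar, i.e. the extension and the sniffed container disagree. The script below is an added example, not MalwareBazaar's or abuse_ch's code. It constructs a message from the header fields listed in the entry around an in-memory gzip stream (stand-in bytes, not the real sample), recovers the member name from the gzip FNAME header field, compares the container magic against the extension, and checks whether the Received host is under the From domain. The recipient, body text and the shape of the Received line are assumptions; the alignment check is a heuristic stand-in for real SPF/DMARC evaluation.

```python
"""Gateway-side triage of an archive attachment like the one in this entry.

Added example, not MalwareBazaar's or the reporter's code. The message is
constructed from the header fields listed in the entry; the attachment is a
gzip stream built in memory around stand-in bytes, not the real sample. The
domain-alignment check is a heuristic stand-in for SPF/DMARC evaluation.
"""
import email
import gzip
import hashlib
import io
import re
import struct
from email import policy
from email.message import EmailMessage

EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".com", ".bat", ".vbs", ".js")
EXPECTED_CONTAINER = {"gz": "gzip", "rar": "rar", "zip": "zip"}  # by extension


def sniff_container(data: bytes) -> str:
    """Identify the container from its magic bytes, ignoring the extension."""
    if data[:2] == b"\x1f\x8b":
        return "gzip"
    if data.startswith(b"Rar!\x1a\x07"):
        return "rar"
    if data[:4] == b"PK\x03\x04":
        return "zip"
    if data[:2] == b"MZ":
        return "pe"
    return "unknown"


def gzip_member_name(data: bytes):
    """Original file name from the gzip header (RFC 1952 FNAME), or None.

    Layout: ID1 ID2 CM FLG MTIME(4) XFL OS (10 bytes), then an optional
    FEXTRA block (2-byte length + payload) before the NUL-terminated FNAME.
    """
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        return None
    flg, pos = data[3], 10
    if flg & 0x04:  # FEXTRA present
        (xlen,) = struct.unpack_from("<H", data, pos)
        pos += 2 + xlen
    if not flg & 0x08:  # no FNAME field
        return None
    return data[pos:data.index(b"\x00", pos)].decode("latin-1")


def triage_attachment(filename: str, data: bytes) -> dict:
    """Flag extension/magic disagreement and an executable hidden in the archive."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    container = sniff_container(data)
    inner = gzip_member_name(data) if container == "gzip" else None
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "extension": ext,
        "container": container,
        "ext_mismatch": EXPECTED_CONTAINER.get(ext) != container,
        "inner_name": inner,
        "inner_executable": bool(inner and inner.lower().endswith(EXECUTABLE_SUFFIXES)),
    }


def helo_from_mismatch(raw: bytes) -> bool:
    """True when the relaying host in Received: is not under the From: domain."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    from_domain = msg["From"].addresses[0].domain.lower()
    match = re.search(r"\bfrom\s+([A-Za-z0-9.-]+)", str(msg["Received"] or ""))
    helo = match.group(1).lower() if match else ""
    return not (helo == from_domain or helo.endswith("." + from_domain))


def triage_message(raw: bytes) -> list:
    """Parse a raw RFC 5322 message and triage every attachment in it."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [triage_attachment(part.get_filename() or "", part.get_payload(decode=True))
            for part in msg.iter_attachments()]


def build_lure_message() -> bytes:
    """Constructed message carrying the header values the reporter listed."""
    payload = io.BytesIO()
    # GzipFile stores `filename` in the FNAME field: this is how an archive
    # named 74658786790.GZ carries 74658786790.exe as its member name.
    with gzip.GzipFile(filename="74658786790.exe", mode="wb", fileobj=payload) as gz:
        gz.write(b"MZ" + b"\x00" * 62)  # stand-in bytes, not the real dropper
    msg = EmailMessage()
    msg["Received"] = "from ecorreo.avanzas.com ([185.176.8.27]) by mx.example.com"
    msg["From"] = "Factoring y Confirming - Grupo Santander <fycuot@gruposantander.com>"
    msg["To"] = "victim@example.com"  # assumed recipient
    msg["Subject"] = "Confirming - Aviso de pago"
    msg.set_content("Adjunto el aviso de pago.")  # assumed body text
    msg.add_attachment(payload.getvalue(), maintype="application",
                       subtype="gzip", filename="74658786790.GZ")
    return msg.as_bytes()


if __name__ == "__main__":
    raw = build_lure_message()
    print("Received/From mismatch:", helo_from_mismatch(raw))
    for verdict in triage_message(raw):
        print(verdict)
```

For the constructed message the attachment sniffs as gzip (so no extension mismatch), but its FNAME field yields 74658786790.exe and the relaying host fails the From-domain check; feeding the same `triage_attachment` a .GZ file that starts with the RAR signature reproduces the gz/application/x-rar disagreement recorded in this entry.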

Comments