MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f03dab789bf5e581642a788920a971b7424ee9c7597a04ea5f31ed00d9c0e2ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f03dab789bf5e581642a788920a971b7424ee9c7597a04ea5f31ed00d9c0e2ad
SHA3-384 hash: 16380796b3a2dcc40713b95570b73dcfa001fece6746a73652d2397725871f2ec6f9b78a8fbbe41dca69d7857acacd06
SHA1 hash: c1729bb20343d9979b6e460aac170dbec393c69f
MD5 hash: 0f180c460d21e704cc15723e22e88b70
humanhash: berlin-virginia-violet-stream
File name:statement of account.r11
Download: download sample
Signature AgentTesla
Create hunting rule
File size:436'464 bytes
First seen:2020-05-27 08:46:56 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:mn2hs5hei/nEWegznt5rIOsj+Ld165csG2YiNmyh:huJvE90d16CsthMyh
TLSH 4394236F453156298FC5EC10911E19688DEE53954AE3D26AF8334F412C2B7B5F3E80CB
Reporter abuse_ch
Tags:AgentTesla r11


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: relaymail.ingenosya.mg
Sending IP: 5.189.167.183
From: Account1 <rist.budapest@rist.hu>
Reply-To: Account1 <rist.budapest@rist.hu>
Subject: RE: Request for Statement of Account as of Fed-May-2020/// Payment
Attachment: statement of account.r11 (contains "statement of account.exe")

AgentTesla SMTP exfil server:
smtp.desmaindian.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 09:13:36 UTC
File Type:
Binary (Archive)
Extracted files:
266
AV detection:
16 of 30 (53.33%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar f03dab789bf5e581642a788920a971b7424ee9c7597a04ea5f31ed00d9c0e2ad

(this sample)

AgentTesla

Executable exe c566031f2311f0c6769a2bd7280e2b58760ef3df4090b37e542f2f911cbc4f49

  
Dropping
MD5 26b17c1bd783a207723233f9eaa1bd81
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c566031f2311f0c6769a2bd7280e2b58760ef3df4090b37e542f2f911cbc4f49

Comments