MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fe4761896d42575ccb735e777d7606928b402a115ae4839849c4b587d3e317af. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fe4761896d42575ccb735e777d7606928b402a115ae4839849c4b587d3e317af
SHA3-384 hash: af8269649a70c77e9446f2cec475165d6ad3857ad250394acffb5a617a3588810264f079a9a2829c9e1cbebbc4c73ab3
SHA1 hash: 46bb4f5f021e7f13056f2c22d95d1a0527992c3c
MD5 hash: 92f94eb10473cc56ba2acfba08627910
humanhash: lake-autumn-golf-earth
File name:ORDER_PO2004300059.IMG
Download: download sample
Signature AgentTesla
Create hunting rule
File size:2'031'616 bytes
First seen:2020-05-01 15:15:30 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 24576:YAHnh+eWsN3skA4RV1Hom2KXMmHagbsvJRfQJ5eV2VjNS3lfd75:fh+ZkldoPK8YagbsLQWV2m3N
TLSH 0195CF0263919036FFAF92739B55B241567CB928032384FF22B85DB8A9705F11E3D66F
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: main.oal.com.my
Sending IP: 103.8.26.32
From: SALES-Medikoz San. Tic.Ltd.Şti <fablo_vare@ykk.it>
Subject: Re: Purchase Order
Attachment: ORDER_PO2004300059.IMG (contains "Order PO2004300059.exe")

AgentTesla SMTP exfil server:
mail.elkat.com.my:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.AIT.Trojan.Nymeria.1583.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-01 20:17:29 UTC
File Type:
Binary (Archive)
Extracted files:
12
AV detection:
18 of 31 (58.06%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7zdwdclnijlvzs3tlz3x25qgskfuakqrllsihgcjys2ypu7dc6xq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img fe4761896d42575ccb735e777d7606928b402a115ae4839849c4b587d3e317af

(this sample)

AgentTesla

Executable exe 02ad360e618d817b9a5da264704a5dfbf337856ea20bdfd471446e0a8fa27036

  
Dropping
MD5 43f25dacf8b102a89a299e7c7b4257b5
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 02ad360e618d817b9a5da264704a5dfbf337856ea20bdfd471446e0a8fa27036

Comments