MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ffbfe068c5b31147160c129b8f4a2e3c527f44d704f17dd1da69049d2e835334. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Vendor detections: 3


SHA256 hash: ffbfe068c5b31147160c129b8f4a2e3c527f44d704f17dd1da69049d2e835334
SHA3-384 hash: 04e9d36db2a46accc94c0a120358837cd61684b3346b02ac78bff6962fde49f844298f5e358f43e25db8adf8f35dc7f0
SHA1 hash: 80afa1282d248fa7663a0d8d91864ac87f43bc45
MD5 hash: 0436f7a55da88c4b9601bdefc1c770e9
humanhash: uranus-fillet-uniform-timing
File name: PO no. 0107-320804-1.arj
Signature: AgentTesla
File size: 403'523 bytes
First seen: 2020-05-11 15:26:23 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 6144:cRwKj6zHJyAahusGUDnf46lDDW+2XWan4Mq7SzYdGRQiDDXOTRHVs/4Uj:cCY2HYAOz7DnPpXP7SwRiDDx//
TLSH: 3E84230B17EBE06B6DC9622A59FFF7F2C95138A805CCD3C442F6131B57E460B1A9291B
Reporter: abuse_ch
Tags: AgentTesla arj


abuse_ch
Malspam distributing AgentTesla:

From: SEATEK TRANS PTE LTD <suleman@aatml.com.pk>
Subject: PURCHASE ORDER 11/05/20
Attachment: PO no. 0107-320804-1.arj (contains "PO no. 0107-320804-1.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587
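
The attachment reported above is an ARJ archive wrapping an executable, a packaging choice that gets past filters which only look at the outer file extension. The following is an added example, not MalwareBazaar's or abuse.ch's code, showing how a mail gateway or triage script can enumerate ARJ members from the archive headers alone, without extracting anything, and flag members that are executables. The archive it parses is constructed inline as a stored (method 0) ARJ using the member name from the malspam description; the payload bytes are a stand-in, not the real binary. The names build_arj, list_arj_members and risky_members, and the EXEC_EXTENSIONS list, are chosen for this example.

```python
import os
import struct
import zlib

ARJ_MAGIC = b"\x60\xea"  # ARJ header id 0xEA60, little-endian
# Extensions Windows runs as code on double-click (example list, not exhaustive)
EXEC_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd",
                   ".js", ".vbs", ".jse", ".wsf", ".dll"}


def _frame_header(fixed, name, comment=b""):
    """Frame one ARJ header: id, basic header size, basic header, CRC32, no extended header."""
    basic = fixed + name + b"\x00" + comment + b"\x00"
    crc = zlib.crc32(basic) & 0xFFFFFFFF
    return ARJ_MAGIC + struct.pack("<H", len(basic)) + basic + struct.pack("<IH", crc, 0)


def build_arj(members):
    """Write a stored (method 0) ARJ archive from {name: bytes}. Constructed for this
    example only; it writes just enough of the format for list_arj_members() to parse."""
    # Fixed part of the basic header (first_hdr_size = 30 bytes): first_hdr_size,
    # version, min version, host OS, flags, security version/method, file type,
    # reserved, 4 x uint32, 2 x uint16, 2 bytes
    main_fixed = struct.pack("<8B4I2H2B", 30, 11, 1, 0, 0, 2, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0)
    out = _frame_header(main_fixed, b"archive.arj")
    for name, data in members.items():
        local_fixed = struct.pack(
            "<8B4I2H2B",
            30, 11, 1, 0, 0,
            0,                              # method 0 = stored (no compression)
            0,                              # file type 0 = binary
            0,
            0,                              # DOS modification timestamp (unused here)
            len(data),                      # compressed size
            len(data),                      # original size
            zlib.crc32(data) & 0xFFFFFFFF,  # original file CRC32
            0, 0x20,                        # filespec position, DOS file attributes
            0, 0,
        )
        out += _frame_header(local_fixed, name.encode("cp437")) + data
    return out + ARJ_MAGIC + b"\x00\x00"    # basic header size 0 = end of archive


def list_arj_members(blob):
    """Walk the main header and each local file header and return member metadata.
    Nothing is decompressed; only header fields and, for stored members, the first
    two payload bytes are read."""
    members, pos, seen_main = [], 0, False
    while True:
        if blob[pos:pos + 2] != ARJ_MAGIC:
            raise ValueError("bad ARJ header id at offset %d" % pos)
        (basic_size,) = struct.unpack_from("<H", blob, pos + 2)
        pos += 4
        if basic_size == 0:
            break                                   # end-of-archive marker
        basic = blob[pos:pos + basic_size]
        (stored_crc,) = struct.unpack_from("<I", blob, pos + basic_size)
        if zlib.crc32(basic) & 0xFFFFFFFF != stored_crc:
            raise ValueError("basic header CRC mismatch at offset %d" % pos)
        pos += basic_size + 4
        while True:                                 # skip extended headers (size, data, CRC)
            (ext_size,) = struct.unpack_from("<H", blob, pos)
            pos += 2
            if ext_size == 0:
                break
            pos += ext_size + 4
        first_hdr_size, method, file_type = basic[0], basic[5], basic[6]
        name = basic[first_hdr_size:].split(b"\x00", 1)[0].decode("cp437", "replace")
        if not seen_main:                           # main header carries the archive's own name
            if file_type != 2:
                raise ValueError("first header is not a main archive header")
            seen_main = True
            continue
        comp_size, orig_size = struct.unpack_from("<II", basic, 12)
        members.append({
            "name": name, "method": method, "file_type": file_type,
            "compressed_size": comp_size, "original_size": orig_size,
            "payload_head": bytes(blob[pos:pos + 2]) if method == 0 else b"",
        })
        pos += comp_size                            # compressed payload follows the header
    return members


def risky_members(members):
    """Names worth blocking or sandboxing: an executable extension, or a stored
    payload that starts with the PE 'MZ' signature regardless of how it is named."""
    flagged = []
    for m in members:
        ext = os.path.splitext(m["name"])[1].lower()
        if ext in EXEC_EXTENSIONS or m["payload_head"] == b"MZ":
            flagged.append(m["name"])
    return flagged


if __name__ == "__main__":
    # Constructed sample: the member name is the one reported for this attachment;
    # the payload is a stand-in, not the real AgentTesla binary.
    sample = build_arj({"PO no. 0107-320804-1.exe": b"MZ" + b"\x00" * 60})
    found = list_arj_members(sample)
    for m in found:
        print(m["name"], m["original_size"], "stored" if m["method"] == 0 else "compressed")
    print("flag:", risky_members(found))
```

The walk relies on each local header carrying its own compressed size, so members are enumerated without ever running the decompressor on attacker-controlled data. The MZ check only applies to stored members; a compressed member named to look benign is still caught by its extension, but a compressed member renamed to a harmless extension would need extraction in a sandbox to be judged.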

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-11 14:12:27 UTC
AV detection: 18 of 31 (58.06%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
Sample: arj ffbfe068c5b31147160c129b8f4a2e3c527f44d704f17dd1da69049d2e835334 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
