MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0490ebfdc2e5cfbd0562358c035cbee8b5b7920e5f7ef2c78a76080fce31d985. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0490ebfdc2e5cfbd0562358c035cbee8b5b7920e5f7ef2c78a76080fce31d985
SHA3-384 hash: c816d8ead2fec5a2741e4cdc94ec5afea942a4eb9265ee7935528e1a293451f15cd642b901e5f07b2d9ad18b0c51eedb
SHA1 hash: 27788a44b02e5c9356a698ef2ee9578237d037d5
MD5 hash: 92beb5e6a3186a873bc815820f01f3a1
humanhash: sweet-sweet-mike-hamper
File name:rlJPEcInJxOdLje.xz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:674'589 bytes
First seen:2020-07-08 06:32:32 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:apHdT274JIzzRF9VdqcIoreO3vFaW+1ME79Myl0Ao5/GIU62xDOHeCZ1uW70L:M9S74JI794Qbb+1vM60Ao3t2x2Z1n7y
TLSH 58E42367A5FB67DF4841B00020DFB56DC7D420D745B81C78CB89A12CE4AF54BE98ACBA
Reporter abuse_ch
Tags:AgentTesla xz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: postmaster.mediaclick.com.tr
Sending IP: 213.159.28.168
From: BURSA-VALEO OTOMOTIV-CLUTCHES <mahmoud@nonamegroup.co>
Reply-To: saleslink@yandex.com
Subject: PO_4130000679_1593759364/ INVOICES
Attachment: rlJPEcInJxOdLje.xz (contains "rlJPEcInJxOdLje.exe")

AgentTesla SMTP exfil server:
mail.ereglitso.org.tr:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0490ebfdc2e5cfbd0562358c035cbee8b5b7920e5f7ef2c78a76080fce31d985/
Threat name:
ByteCode-MSIL.Trojan.Skeeyah
Create hunting rule
Status:
Malicious
First seen:
2020-07-08 06:34:09 UTC
AV detection:
18 of 48 (37.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=asiox7oc4xh32blcgwgagxf65c23peqol57pfr4koyea7trr3gcq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 0490ebfdc2e5cfbd0562358c035cbee8b5b7920e5f7ef2c78a76080fce31d985

(this sample)

AgentTesla

Executable exe fb28a89e1067428e1cd2c8fd9d41d297a09e5e1f6a1698f70d56871a49f8bc51

  
Dropping
MD5 07817c3519548de3be1d127fabdb7ec6
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 fb28a89e1067428e1cd2c8fd9d41d297a09e5e1f6a1698f70d56871a49f8bc51

Comments