MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 095c96e3ed31e57e568fe28d77c9266d393b8ce2bea8f042cff86bd09a58b9b8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 095c96e3ed31e57e568fe28d77c9266d393b8ce2bea8f042cff86bd09a58b9b8
SHA3-384 hash: 6b5b0da56878c93b0a3c9ca364f44360243b5e07a95942d322735c3c68d29bd2148d6092b577ed22a8e98c74adc31aa0
SHA1 hash: 45d7ddf57189f3b96178ea2063d806abc335c59d
MD5 hash: cead6a5cc2d63fff9f3f83347aaff5c0
humanhash: island-fifteen-six-freddie
File name:Bestellnummer 4115272-072020.PDF________.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:357'743 bytes
First seen:2020-07-24 10:55:01 UTC
Last seen:2020-07-24 11:30:37 UTC
File type: gz
MIME type:application/gzip
ssdeep 6144:nIO+s8G4QWP8m/kwsBFpRIOGDtbV4qt+nmeV8G26DyrfDPMEM9qXL3c2sl:nINs8GGPY7QtV42+n5VmrfDDb3c24
TLSH 917423750410021E5596CFCDFD22F74FFE4638B52CB58A5AF1A342EA40941EADE33A2A
Reporter abuse_ch
Tags:AgentTesla DEU geo gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.saglikliveguzel.com
Sending IP: 185.48.181.145
From: Marta Burghard <marta.burghard@ims-zeitarbeit.eu>
Subject: Angebotsanfrage (Bestellnummer 4115272-072020)
Attachment: Bestellnummer 4115272-072020.PDF________.gz (contains "Bestellnummer 4115272-072020.PDF________.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
2
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.AgentTesla-7660762-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/095c96e3ed31e57e568fe28d77c9266d393b8ce2bea8f042cff86bd09a58b9b8/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-24 10:55:08 UTC
File Type:
Binary (Archive)
Extracted files:
6
AV detection:
5 of 48 (10.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bfojny7nghsx4vup4kgxpsjgnu4txdhcx2upaqwp7bv5bgsyxg4a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.75
Link:
https://yomi.yoroi.company/submissions/095c96e3ed31e57e568fe28d77c9266d393b8ce2bea8f042cff86bd09a58b9b8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 095c96e3ed31e57e568fe28d77c9266d393b8ce2bea8f042cff86bd09a58b9b8

(this sample)

AgentTesla

Executable exe ac20f8f16efd13ea704488eb43b1a761f9e26bcdc70ac70d57cb15cbdab200bb

  
Dropping
MD5 cba5dffc82dfadc4b5b3a5b58f0715e3
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ac20f8f16efd13ea704488eb43b1a761f9e26bcdc70ac70d57cb15cbdab200bb

Comments