MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0a975b76a4dc33bc29248556ef56418fc21149a6276f792453f4994c89d912a2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0a975b76a4dc33bc29248556ef56418fc21149a6276f792453f4994c89d912a2
SHA3-384 hash: 52c59f317e208bb1f87024c2a9a3d72f0754dc4e6d266382d528f31f839a2e8860e0c3f9c6d3981c7f6ab28ab4f25ab2
SHA1 hash: f96c3cdbcbd88738be743196027eada6ee61ce82
MD5 hash: ae81e39a097f57cc0841337ffe5465de
humanhash: five-oven-cold-montana
File name:Haberling GmbH.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:429'318 bytes
First seen:2020-08-10 09:52:05 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:CTcHuvnIshZpswmYRdjnM8sXzpNy+fanhV:IcjnejAXK4anhV
TLSH A59423C71466659B879DF27EAEECA3DF773ABC152891F2FC30B159900C1893108636A6
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: vl52566.dns-privadas.es
Sending IP: 62.138.137.228
From: Sebastian Heise <campanna43@gmail.com>
Subject: Aktenzeichen : INV 002904/18 vom 21.06.2020.
Attachment: Haberling GmbH.zip (contains "Haberling GmbH.exe")

AgentTesla FTP exfil server:
ftp.classeeformas.com:21

AgentTesla FTP exfil user name:
mannn@classeeformas.com

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0a975b76a4dc33bc29248556ef56418fc21149a6276f792453f4994c89d912a2/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-08-10 09:53:05 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bklvw5ve3qz3ykjeqvlo6vsbr7bbcsnge5xxsjct6smuzcozckra._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0a975b76a4dc33bc29248556ef56418fc21149a6276f792453f4994c89d912a2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 0a975b76a4dc33bc29248556ef56418fc21149a6276f792453f4994c89d912a2

(this sample)

AgentTesla

Executable exe 6b574d15c00a4b1c9da4991da69f6ca20f086b65373abf462e8a252f18daf3f7

  
Dropping
MD5 acb19a476569ef8b41dd4fc64908cff7
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6b574d15c00a4b1c9da4991da69f6ca20f086b65373abf462e8a252f18daf3f7

Comments