MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0bd92f9aaa5bf15075330783685b046e389a244be804aaa1c5f4edd4b7d7205f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0bd92f9aaa5bf15075330783685b046e389a244be804aaa1c5f4edd4b7d7205f
SHA3-384 hash: 87baef828131d55ee8b38cb9dc5e7173de18ca7dbff26020efd82c1edd0293f6f58270c0b0995ca6eef8fbb8aa11ff3e
SHA1 hash: 040bc821c5b25830d02b5fc08ae3769f7ff23d73
MD5 hash: 74cf11ecde8cd7b7252713c326873165
humanhash: earth-nine-colorado-blossom
File name:Inquired Order JULY 07.CAB
Download: download sample
Signature AgentTesla
Create hunting rule
File size:434'744 bytes
First seen:2020-07-07 08:49:42 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:hKN9m+dz5zhify5hDggWXewqJYe/0vvA6Y8f3b:09Dmfy5Fg7jg/C08f3b
TLSH F194231F593F6A30FA9807812D1B7F4C219A65C489CEF64296133B7DDCEE9C07A48197
Reporter abuse_ch
Tags:AgentTesla cab


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: slot0.ferrydo.xyz
Sending IP: 104.168.245.66
From: contact@macsontrading.com
Subject: INQUIRY FROM MASON LLC (JULY 2020)
Attachment: Inquired Order JULY 07.CAB (contains "Inquired Order JULY 07.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0bd92f9aaa5bf15075330783685b046e389a244be804aaa1c5f4edd4b7d7205f/
Threat name:
Archive-ZIP.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-07 08:51:07 UTC
File Type:
Binary (Archive)
Extracted files:
28
AV detection:
31 of 48 (64.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bpms7gvklpyva5jta6bwqwyeny4jujcl5ackviof6tw5jn6xebpq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 0bd92f9aaa5bf15075330783685b046e389a244be804aaa1c5f4edd4b7d7205f

(this sample)

AgentTesla

Executable exe a4ae57283aed9c08180d74dfadb082d76e10cb6f4b01a45d1145c60f651da100

  
Dropping
MD5 d7c67c7b8828726f9162a31f13ae9384
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a4ae57283aed9c08180d74dfadb082d76e10cb6f4b01a45d1145c60f651da100

Comments