MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0eacfa80570beecd07fb37fcb38d6b8ec53dedbc9cb7e3aa92bfb482f228f8d4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0eacfa80570beecd07fb37fcb38d6b8ec53dedbc9cb7e3aa92bfb482f228f8d4
SHA3-384 hash: 7908119631632e4e20062ebdf3caf73904c18a570fda185ea8600227bd34fb9036a572b217301b590c0fabd7f84771c6
SHA1 hash: 7f1bc2be0261e59b80ace0db55f84fbcba96523e
MD5 hash: a3af39fbd094fcc6e090e8c125573d0b
humanhash: oregon-vermont-snake-victor
File name:New PTE purchase.pdf
Download: download sample
Signature AgentTesla
Create hunting rule
File size:633'550 bytes
First seen:2020-07-09 06:28:25 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:gf8u7k3/NCoxgLVXAN3xswJR/Fua6511+tviaIqZgrdEwWDCIXc11daDDqzX+MC:3u7k312VwZHtr65a33gh03e+n
TLSH 28D423193DC0C1AAF5E2D53E8D94C290786FDB3768A1DD84B54630C993B8349AB02BCF
Reporter abuse_ch
Tags:AgentTesla pdf


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: jwinnovation.co.uk
Sending IP: 209.58.149.70
From: Jermaine Mary<jermainee@jwinnovation.co.uk>
Subject: Re: New PTE purchase order July
Attachment: New PTE purchase.pdf (contains "New PTE purchase order July.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
145
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0eacfa80570beecd07fb37fcb38d6b8ec53dedbc9cb7e3aa92bfb482f228f8d4/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-09 01:29:27 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=b2wpvacxbpxm2b73g76lhdllr3ct33n4ts36hkusx62if4ri7dka._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 0eacfa80570beecd07fb37fcb38d6b8ec53dedbc9cb7e3aa92bfb482f228f8d4

(this sample)

AgentTesla

Executable exe 0ca99b2af0dca6c25e2c213260983c7395fb309e7fb0773b746e5af0335b6411

  
Dropping
MD5 4ef779e0a530accf8cd784a9dd863fdd
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0ca99b2af0dca6c25e2c213260983c7395fb309e7fb0773b746e5af0335b6411

Comments