MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 29ea1f8995c3f6644f5f3e6efe42f52b374a169a6f34c7e3896800988fd93f0e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 29ea1f8995c3f6644f5f3e6efe42f52b374a169a6f34c7e3896800988fd93f0e
SHA3-384 hash: 6221202cb1d3fb8fc369901d4e50c1c5569848d81837d064fa12c8cb70858cf47f5a86add344cabaab221901cc44447c
SHA1 hash: b9879586802bfc5d398e83e1750051c9d2e9f38c
MD5 hash: 9a1f0a25e9b45748da7b92a401bbb2a3
humanhash: monkey-carpet-missouri-california
File name:OXITER SL OCPC047190.r00
Download: download sample
Signature AgentTesla
Create hunting rule
File size:400'059 bytes
First seen:2020-07-24 13:34:21 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 12288:GsA1rMCsfKugtoHU0Kd4puiEQ6qb0QongiMcK:GsirMNa5+wiELtXMJ
TLSH D98423A43710C02F65B012FFA77756FBAAC958DA52410EF12A0C2661B49FDB9271DF8C
Reporter abuse_ch
Tags:AgentTesla r00


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: www.atecyr.org
Sending IP: 94.177.185.236
From: Andreu Culubret - Oxiter,sl <andreu.culubret@oxiter.com>
Subject: RV: PEDIDO DE COMPRA - PC047190/07242020 - OXITER S.L
Attachment: OXITER SL OCPC047190.r00 (contains "ORDEN COMPRA 004536 LS PC047190 OXITER SL 07242020.exe")

AgentTesla SMTP exfil server:
mail.corroshield.co.id:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/29ea1f8995c3f6644f5f3e6efe42f52b374a169a6f34c7e3896800988fd93f0e/
Threat name:
ByteCode-MSIL.Trojan.Masslogger
Create hunting rule
Status:
Malicious
First seen:
2020-07-24 13:35:32 UTC
AV detection:
13 of 48 (27.08%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fhvb7cmvyp3git27hzxp4qxvfm3uufu2n42mpy4jnaajrd6zh4ha._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.65
Link:
https://yomi.yoroi.company/submissions/29ea1f8995c3f6644f5f3e6efe42f52b374a169a6f34c7e3896800988fd93f0e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r00 29ea1f8995c3f6644f5f3e6efe42f52b374a169a6f34c7e3896800988fd93f0e

(this sample)

AgentTesla

Executable exe 09240b0249537b68eb5c4d78f7c4531753553dd00d5180df2cede9d79552c027

  
Dropping
MD5 f5be0703df942fcdae50d333254a77b5
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 09240b0249537b68eb5c4d78f7c4531753553dd00d5180df2cede9d79552c027

Comments