MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 68a86f4524f7a2ddae5cb33125075b1dbe43a0c023210d09abf2e342459b55fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 68a86f4524f7a2ddae5cb33125075b1dbe43a0c023210d09abf2e342459b55fe
SHA3-384 hash: be148f61a0b321d8cd104ad4cbd80aa3f542ceba956d84d7cd7401a9dafb19e281656e2c3f7a262173d8c7097bf4b522
SHA1 hash: b9021742a71ce436c48ed3728a2e5d37293dfdb4
MD5 hash: 41fcf7acef4128d1e5742bd864e97f71
humanhash: fish-berlin-nine-mississippi
File name:HedpjD8qmJklFyr.ace
Download: download sample
Signature AgentTesla
Create hunting rule
File size:376'301 bytes
First seen:2020-06-12 06:29:50 UTC
Last seen:Never
File type: ace
MIME type:application/x-rar
ssdeep 6144:QTSJd3P9rmMV9naqkDfsS8i0ic9VDsNyENo5wpFWXdme97KQS9LAKfeOJJvTNiG:QTSzf9rmI9nafES8i2zENGwpFAbKQI/n
TLSH 7A842313FD613F062636013D5B198F3E5F860B85D4958A07F5E8B0F2ED8D6A385EBA90
Reporter abuse_ch
Tags:ace AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server.neileshinnovation.com
Sending IP: 162.241.215.159
From: JBS Accounts Dept <wynn@wysen.com>
Subject: RE: TT PAYMENT
Attachment: HedpjD8qmJklFyr.ace (contains "HedpjD8qmJklFyr.exe")

AgentTesla SMTP exfil server:
montana.co.ke:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Infostealer.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-06-12 06:31:10 UTC
AV detection:
18 of 48 (37.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ncug6rje66rn3ls4wmyskb23dw7ehigaemqq2cnl6lruerm3kx7a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

ace 68a86f4524f7a2ddae5cb33125075b1dbe43a0c023210d09abf2e342459b55fe

(this sample)

AgentTesla

Executable exe d5b86ca1c7162b64376f05c2e9cae2f75d722af4c3954f9fa5bf12c3c36b29f1

  
Dropping
MD5 12bdb9bdad90b5a0359b150a1d5459e9
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d5b86ca1c7162b64376f05c2e9cae2f75d722af4c3954f9fa5bf12c3c36b29f1

Comments