MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 76a4c8a069240fcfb028ea94da7494d997140bacb80863db2130e944b9aedda4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 76a4c8a069240fcfb028ea94da7494d997140bacb80863db2130e944b9aedda4
SHA3-384 hash: 143aa12a08de0c0fbc407f81682052d9653db6d5df54e6af9cc5602c7c0354640139204c77ef79c599535b49387a24c2
SHA1 hash: 7cffc85200607b683f675af4e8f047859c7ac1b0
MD5 hash: ee963cd27bb60ca2b19749900b5cc045
humanhash: earth-angel-connecticut-spring
File name:All the said documents.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:394'432 bytes
First seen:2020-07-16 06:33:29 UTC
Last seen:2020-07-18 11:56:12 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:sif0KZBquMLm1MkuPF4s49xef/fyXtK8YxedxxQ1J4ltQ1:7hMS1M/PG9xq+xxQb4ltG
TLSH D384237E8BC9275498661C58E29F15C93F7F9320B6666BA39D12C03C43CA6F20A4F3D5
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: rudrabuildwell.com
Sending IP: 45.143.222.172
From: Ahmed Fawzy <info@rudrabuildwell.com>
Subject: Sorry for the delayed response
Attachment: All the said documents.zip (contains "All the said documents.exe")

AgentTesla FTP exfil server:
ftp.hraspirations.com:21

AgentTesla FTP user name:
test@hraspirations.com

Intelligence

File Origin
# of uploads :
3
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.CAP_HookExKeylogger.5399.16820.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/76a4c8a069240fcfb028ea94da7494d997140bacb80863db2130e944b9aedda4/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-16 06:35:05 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=o2smridjeqh47mbi5kknu5eu3glric5mxaeghwzbgduujono3wsa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 76a4c8a069240fcfb028ea94da7494d997140bacb80863db2130e944b9aedda4

(this sample)

AgentTesla

Executable exe ae74623e356130501507540ec165aa3ca088a7cb27bae50769998b6cb6538f0b

  
Dropping
MD5 25e8f59ae32b4be6139b6903011ba58e
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ae74623e356130501507540ec165aa3ca088a7cb27bae50769998b6cb6538f0b

Comments