MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 780134d3a44f4fe76f0f6811917db2876d7170b4d3425b73da2d9e02a4c0237c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 780134d3a44f4fe76f0f6811917db2876d7170b4d3425b73da2d9e02a4c0237c
SHA3-384 hash: b992dde102c1c26334cc6107775f0fa3f550c7b5b61d6581bb7edd676a13a25cf3819e9e1a71c6d6bba1c8cac72507e2
SHA1 hash: 02912a650155b81b049afbcfbf53b944447c03dc
MD5 hash: b1af47321f44318f7825dd71d8466b5d
humanhash: texas-saturn-idaho-friend
File name:SKCM_PO52014216_2020062346736543,pdf.r00
Download: download sample
Signature AgentTesla
Create hunting rule
File size:424'904 bytes
First seen:2020-06-24 05:34:59 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 12288:jlA4kNTs+5hjXFcaXbUxzsfbJP4EELQs4OYaQkhuIT:jECAhj1cI4xzMJwEELQs4OY/koU
TLSH 1A942380AB28F129F973E914423B414E4ECEF5EE64569D1C6B02F14CE65F4FAF4A49B0
Reporter abuse_ch
Tags:AgentTesla r00


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: dgqutian.com
Sending IP: 156.96.62.213
From: Lily Zhao <lily@dgqutian.com>
Subject: 新查询
Attachment: SKCM_PO52014216_2020062346736543,pdf.r00 (contains "SKCM_PO52014216_2020062346736543,pdf.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/780134d3a44f4fe76f0f6811917db2876d7170b4d3425b73da2d9e02a4c0237c/
Threat name:
ByteCode-MSIL.Trojan.Skeeyah
Create hunting rule
Status:
Malicious
First seen:
2020-06-24 05:36:07 UTC
AV detection:
19 of 31 (61.29%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=paatju5ej5h6o3ypnaizc7nsq5wxc4fu2nbfw462fwpafjgaen6a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r00 780134d3a44f4fe76f0f6811917db2876d7170b4d3425b73da2d9e02a4c0237c

(this sample)

AgentTesla

Executable exe 52b289b18d0527a46edd7a0cb40473839d4856621c53077e950cdad637f19e62

  
Dropping
MD5 c8cd1b22db2d56d546d9ad3732029d21
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 52b289b18d0527a46edd7a0cb40473839d4856621c53077e950cdad637f19e62

Comments