MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 806f642c17b8b6b60d09c7cb7ea5b24bc5c808fcaecd0ff93d5659cf3360988d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 806f642c17b8b6b60d09c7cb7ea5b24bc5c808fcaecd0ff93d5659cf3360988d
SHA3-384 hash: c31819a4ee675561b77e7ad8612f5808bc59350c58d71485681fa26a3ea2bcf5c863bb6c1a21df196756b6cef32d77d8
SHA1 hash: 444717d149e9ab611b00133c651f59c7409ea3a4
MD5 hash: 72cb1454ff8f9d459a0d2aee96339553
humanhash: arizona-colorado-juliet-robin
File name:Ordersp28543-Order50130-pdf.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'000'429 bytes
First seen:2020-06-03 08:54:17 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:e7V2W5OzQO/rhoKJmMepqisG0ERT5j7XY65D/:e775YhlomKqRG0ET57XDD/
TLSH 9025332445AA804C7BF532CDFF57868081D017BDB89314A1A8D76A819AB5DCC9FF7F22
Reporter abuse_ch
Tags:7z AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: chdinformatica.servidorplesk.com
Sending IP: 91.142.217.106
From: Coelho Carlos <Carlos.Coelho@jungheinrich.pt>
Reply-To: Coelho Carlos <dustiutd12@hotmail.com>
Subject: Fwd:Feed Back on specific market
Attachment: Ordersp28543-Order50130-pdf.7z (contains "Order#sp28543-Order#50130-pdf.exe")

AgentTesla FTP exfil server:
ftp.kassohome.com.tr:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27684.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.25906.ZipHeur.BadExt.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.25190.ZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 04:29:45 UTC
AV detection:
24 of 48 (50.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qbxwilaxxc3lmdijy7fx5jnsjpc4qch4v3gq76j5kzm46m3atcgq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 806f642c17b8b6b60d09c7cb7ea5b24bc5c808fcaecd0ff93d5659cf3360988d

(this sample)

AgentTesla

Executable exe 556127877af376d03768c2a474c93ac17b9a5657c22b75752937e2bc3b6a318a

  
Dropping
MD5 bb8788b38fdd6ca4a4a46bf610ccdb9b
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 556127877af376d03768c2a474c93ac17b9a5657c22b75752937e2bc3b6a318a

Comments