MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8162f72598ab8e69ef39f02de95436aa21f3d433503c263cc5fee47185c3ba15. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8162f72598ab8e69ef39f02de95436aa21f3d433503c263cc5fee47185c3ba15
SHA3-384 hash: 745654646009002bd8cbdcb04a61263549618b8a9b1626c7a6b5ae650742e6cb5025b0d4fa97e760e9c08ac6136b070b
SHA1 hash: a491000eb6bf4b8097a548c3786a6b28f825a4ec
MD5 hash: 954416cc79acbba0afd1ea5462689fa5
humanhash: uncle-colorado-fifteen-five
File name:docs.r15
Download: download sample
Signature AgentTesla
Create hunting rule
File size:953'514 bytes
First seen:2020-05-26 11:07:24 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 24576:HhYlWzvaqEfNuQeOeJZJtyLvVahlMp7jmluE7yJ9E:HS0vaB2BMc27uuPc
TLSH C81523631210166E736543B0D0787C316C32CECA7984EFB4F5CB49A7A5BCEAA83E55B4
Reporter abuse_ch
Tags:AgentTesla r15


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: conticoshipping.com
Sending IP: 103.207.39.104
From: sales.mum@conticoshipping.com
Subject: RE: Invoice for the subject shipment ( Original BOE , CFS , Liner Invoices )
Attachment: docs.r15 (contains "docs.exe")

AgentTesla SMTP exfil server:
venus.worldindia.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 11:37:01 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
17 of 48 (35.42%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 8162f72598ab8e69ef39f02de95436aa21f3d433503c263cc5fee47185c3ba15

(this sample)

AgentTesla

Executable exe 0af91caf5bfd256133203be73629b6fc15dda3a6d11b007549babf7118763cfe

  
Dropping
MD5 b1a04a9fd721408693d5db518a5a5df3
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0af91caf5bfd256133203be73629b6fc15dda3a6d11b007549babf7118763cfe

Comments