MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 833b378d254570290dc92084ce020dfdbdaf74da4dd6542bbe109ab4601ed72d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 833b378d254570290dc92084ce020dfdbdaf74da4dd6542bbe109ab4601ed72d
SHA3-384 hash: eb843552075d2d8de02aff35a3277314d9772c94c26c4cb2f754218e2bde229c02c3a41a6f44e860425c84874e213b39
SHA1 hash: c7895072db3b856367ae8b417aa38e960237fd4a
MD5 hash: 71533682034f97f32a096b2f59ba95b9
humanhash: eight-helium-hamper-alpha
File name:PO 6500082786.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:402'761 bytes
First seen:2020-07-21 06:02:54 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:Bpm0BwatEZYz5n/fNQoZC5U+KDf1JIh45Ik/y:dFtEGntQKlz1mh45I7
TLSH 7984239491511DD1A63ACD563AFF3C17FF2419D0B322EB02967D32A7D8D3880672CA9B
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: konicaminolta.com
Sending IP: 103.207.39.71
From: sitifatin.nasir <sitifatin.nasir@konicaminolta.com>
Subject: PO 6500082786
Attachment: PO 6500082786.zip (contains "PO 6500082786.exe")

AgentTesla SMTP exfil server:
mail.mahavirint.in:587

AgentTesla SMTP exfil email address:
pratap@mahavirint.in

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.23627.ZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/833b378d254570290dc92084ce020dfdbdaf74da4dd6542bbe109ab4601ed72d/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-21 06:04:06 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qm5tpdjfivycsdojeccm4aqn7w6265g2jxlfik56ccnliya624wq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/833b378d254570290dc92084ce020dfdbdaf74da4dd6542bbe109ab4601ed72d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 833b378d254570290dc92084ce020dfdbdaf74da4dd6542bbe109ab4601ed72d

(this sample)

AgentTesla

Executable exe a78239b17de3eac55e5fcbeceefdd2fe78f76888a2639f54024232b4dcda394c

  
Dropping
MD5 47a5bffbba715fa7e123e1f495d9d8bf
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a78239b17de3eac55e5fcbeceefdd2fe78f76888a2639f54024232b4dcda394c

Comments