MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8395ed95f07c46f703671ec5f0379aa397f68adba0706934d503698591d37b3b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8395ed95f07c46f703671ec5f0379aa397f68adba0706934d503698591d37b3b
SHA3-384 hash: 64e2166ecd82b9a7a806dd864124a9ad79e4c8262593eca32128d37495d836895e2ca5c8f62e9c60920c83fb0fafddde
SHA1 hash: 12dd79f4c78e1e69fc2949e171e998025db2c964
MD5 hash: 28c9e9ba98a77fbb5df908bb04bddb24
humanhash: georgia-failed-rugby-east
File name:Purchase Order No. 6095-SAP RFQ.pdf.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:369'526 bytes
First seen:2020-05-27 17:57:29 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 6144:LS8D3z+/EsYYuUe+ATBuOUXPCGYp8HdPzRXDLbeDhFISe+lnnPJTw3Sgi3w9ASd9:LS8Lz+zuUezSBlPzRXDLbeDBXdPJTAF/
TLSH 1274239FEA41F4AA687A0570415F26C445D7D44A323922FFF7BB4C329994816BF8D0CB
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: webmail.cyber.net.pk
Sending IP: 203.101.175.37
From: hameedentr@cyber.net.pk
Subject: Fwd: Purchase Order No. 6095-SAP RFQ
Attachment: Purchase Order No. 6095-SAP RFQ.pdf.gz (contains "Purchase Order No. 6095-SAP RFQ.exe")

AgentTesla SMTP exfil server:
smtp.qoiti.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 01:01:37 UTC
AV detection:
20 of 48 (41.67%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 8395ed95f07c46f703671ec5f0379aa397f68adba0706934d503698591d37b3b

(this sample)

AgentTesla

Executable exe 3ec7aa619bf5b5c3cb03a63c0b957e12fe575afbb1b64c4b5987ee6447d18601

  
Dropping
MD5 03bad2f776f8668c327af83a49a5952b
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3ec7aa619bf5b5c3cb03a63c0b957e12fe575afbb1b64c4b5987ee6447d18601

Comments