MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 85f4ec23b4c4ee46bc8362947560aacb0a3337a26ffb7d0b8b43269bc6703b12. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 85f4ec23b4c4ee46bc8362947560aacb0a3337a26ffb7d0b8b43269bc6703b12
SHA3-384 hash: db477510ff92adbd1b3ad4648e49f80fc3c7b3ca9f984496c8a449144838b838f14a727834c8c0f70f080d1c0614b66f
SHA1 hash: 8de5faa5661d05c2ac421c12294736696937d9a1
MD5 hash: 1fecf943fc1b96c7447bcc90887f7705
humanhash: iowa-rugby-foxtrot-vegan
File name:POn° 08312020xlx.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:704'034 bytes
First seen:2020-08-31 09:08:42 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:fvPYAM0yVr6gqhhZPCriSeCAPl2t7Ldst7DxPotOC7c9b0vz5OnCk+Kc/nJRfy:vBryQgeZPIidMEwtOCtvFox+3m
TLSH EBE423B7CFA4A24FB1218D7240DAF56B0D6F4320E7484E8E74D6A766063F58C9443F8A
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: m97144.mail.qiye.163.com
Sending IP: 220.181.97.144
From: Ada <ada.feng@chuetsu-group.com>
Subject: Request quote
Attachment: POn° 08312020xlx.zip (contains "POn° 08312020xlx.exe")

AgentTesla SMTP exfil server:
polar.argondns.net:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.W32.Trojan-7.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/85f4ec23b4c4ee46bc8362947560aacb0a3337a26ffb7d0b8b43269bc6703b12/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qx2oyi5uytxenpedmkkhkyfkzmfdgn5cn75x2c4limtjxrtqhmja._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/85f4ec23b4c4ee46bc8362947560aacb0a3337a26ffb7d0b8b43269bc6703b12

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 85f4ec23b4c4ee46bc8362947560aacb0a3337a26ffb7d0b8b43269bc6703b12

(this sample)

AgentTesla

Executable exe 545305810b041d0a1ea357652c1b98aa714b039c16af8d1d7ecdd8e513a59d8b

  
Dropping
MD5 70ff75d7a81b97a465bf79c46aacca5a
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 545305810b041d0a1ea357652c1b98aa714b039c16af8d1d7ecdd8e513a59d8b

Comments