MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 865e6ae9ac798aaf8a2ce06b3abebe01c17b1901175ad53b7f4cfc231d5eb8d0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 865e6ae9ac798aaf8a2ce06b3abebe01c17b1901175ad53b7f4cfc231d5eb8d0
SHA3-384 hash: 1dbf8913fccb7380c4ebc29da158861457a89dfe4066a8643c6243b412fbf81b23c387de2bcf400c84bf91a11c553969
SHA1 hash: f11ea2b8a305c9af0f1cc3addaea44d5750bf716
MD5 hash: d5604ee17780836f4b98d828b95eab20
humanhash: papa-black-alabama-sink
File name:BANK DETAILS.xls.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:490'461 bytes
First seen:2020-08-05 17:11:45 UTC
Last seen:2020-08-07 15:34:42 UTC
File type: rar
MIME type:application/x-rar
ssdeep 12288:/Ba+9OGBy79G8ocAF0OXKptIxvcjn+Qosjjt5gr/xMZRJnX:paljpYFtXK0xk9oYjt+r5MZRJnX
TLSH A1A42315D9968BF80A212D649EFA6FF0EB1C453BD421E7CFDEA980C5518C895BC0E63C
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: coscosh.com
Sending IP: 103.99.1.143
From: dept<dept@coscosh.com>
Subject: RE: PAYMENT TO BANK DETAILS (CONFIRM BANK DETAILS)
Attachment: BANK DETAILS.xls.rar (contains "BANK DETAILS.xls.exe")

AgentTesla SMTP exfil server:
mail.blc.com.np:587

Intelligence

File Origin
# of uploads :
3
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/865e6ae9ac798aaf8a2ce06b3abebe01c17b1901175ad53b7f4cfc231d5eb8d0/
Threat name:
ByteCode-MSIL.Spyware.Negasteal
Create hunting rule
Status:
Malicious
First seen:
2020-08-05 17:13:09 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qzpgv2nmpgfk7crm4bvtvpv6ahaxwgibc5nnko37jt6cghk6xdia._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/865e6ae9ac798aaf8a2ce06b3abebe01c17b1901175ad53b7f4cfc231d5eb8d0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 865e6ae9ac798aaf8a2ce06b3abebe01c17b1901175ad53b7f4cfc231d5eb8d0

(this sample)

AgentTesla

Executable exe 0ccd73a94d46ffb3f88ab74256197c9cb5e15d87f017b5752ee557985138c1b4

  
Dropping
MD5 02b4cd91c80eb6395d1329beb9e20d15
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0ccd73a94d46ffb3f88ab74256197c9cb5e15d87f017b5752ee557985138c1b4

Comments