MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 880b7823570400765b85fdff9b10397e469570d38fd20d66d7a49c1e8c314b00. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 880b7823570400765b85fdff9b10397e469570d38fd20d66d7a49c1e8c314b00
SHA3-384 hash: 360f75a4522fcbd3197807da71c8fbc0508c1bdd9f1c96f38818a4f7565beb86037baa84398acb4b3e6fb8925633a31b
SHA1 hash: a50f53d8c2d53feaf8ac768d8ba2ee381c42d0e5
MD5 hash: fcb214bd23dda83e9fd50f0c87286404
humanhash: yellow-bacon-fish-april
File name:PR 12798.PDF.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'337'486 bytes
First seen:2020-05-21 11:19:24 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:WaJWQSi9Vx/yOvEVPbajJsScRE/gmbZqf5Ush3+oiXe:AiGVcBf4EOUsh3viu
TLSH 3B5533AE53586D7940358E78E591C90E706EB188F0FAB30733AC75825717ACFADE3498
Reporter abuse_ch
Tags:AgentTesla z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: 162-241-215-51.unifiedlayer.com
Sending IP: 162.241.215.51
From: Amar Kumar Mandal <spec2111@eim.ae>
Subject: RE: RFQ-12798
Attachment: PR 12798.PDF.z (contains "PR# 12798.exe")

AgentTesla SMTP exfil server:
mail.hajartrading.net:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.BorlandDelphi-15
Create hunting rule

SecuriteInfo.com.Trojan.Delf.FareIt.Gen.7.24267.5419.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 11:37:02 UTC
File Type:
Binary (Archive)
Extracted files:
264
AV detection:
25 of 48 (52.08%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 880b7823570400765b85fdff9b10397e469570d38fd20d66d7a49c1e8c314b00

(this sample)

AgentTesla

Executable exe 37d7cd08ca91dc9962cfd418aafc0d115b954ee72c181feaf7d986c1f56b26a7

  
Dropping
MD5 6a860864346d83b4944b03393e075f81
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 37d7cd08ca91dc9962cfd418aafc0d115b954ee72c181feaf7d986c1f56b26a7

Comments