MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8a01dd167473e79c66f53bcc414a5ca438c0d95033d6d8ea21d3ac3a6eafe33b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8a01dd167473e79c66f53bcc414a5ca438c0d95033d6d8ea21d3ac3a6eafe33b
SHA3-384 hash: 3162d6eeaad39002ea9834a4d6124b5fa7ebbb68f377e6f47d8fa9c9db339876ad8e90033bfe2a21e11236ef6e23fa31
SHA1 hash: 3bca7df2f0dccf3d33660042e350b0b18b19b159
MD5 hash: 9304cc725254f0f20512fe7c257ff5aa
humanhash: eighteen-nebraska-oranges-louisiana
File name:PO1159BL pdf.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:504'497 bytes
First seen:2020-08-10 09:55:24 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:LjK7xRqYIkmJp3NBmVvD/QZqdz0OlTriaICwklKe:LjKzqY6JNDmVvDou00riaIC1Ke
TLSH 68B4230B9D32F01E4BDF8A1E726BB6E0F7697E80045D8988770346BD79ADC940A841DF
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: hwhk-131-235.mailset.cn
Sending IP: 128.1.131.235
From: Carmen <sales02@zscharm.com>
Subject: RFQ
Attachment: PO1159BL pdf.rar (contains "PO1159BL pdf.exe")

AgentTesla SMTP exfil server:
webmail.geral.com.pe:587

AgentTesla SMTP exfil email address:
operaciones@geral.com.pe

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27342.RarHeur.v5.HideExt.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8a01dd167473e79c66f53bcc414a5ca438c0d95033d6d8ea21d3ac3a6eafe33b/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-08-10 09:57:05 UTC
AV detection:
12 of 48 (25.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ria52ftuoptzyzxvhpgecss4uq4mbwkqgplnr2rb2owdu3vp4m5q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/8a01dd167473e79c66f53bcc414a5ca438c0d95033d6d8ea21d3ac3a6eafe33b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 8a01dd167473e79c66f53bcc414a5ca438c0d95033d6d8ea21d3ac3a6eafe33b

(this sample)

AgentTesla

Executable exe 6da0b5d0f2264121fc9dd33312a865f1ac584f66f1191be257138e6cdfc05336

  
Dropping
MD5 2888b6e0215298848cd4a265bb839291
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6da0b5d0f2264121fc9dd33312a865f1ac584f66f1191be257138e6cdfc05336

Comments