MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8a2e7413aa889c4a9842a0daf744b2b7a2fde2fb8a8d0ec660fb54ec61df1b20. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8a2e7413aa889c4a9842a0daf744b2b7a2fde2fb8a8d0ec660fb54ec61df1b20
SHA3-384 hash: fe1e4ba4f84da17df39eb00db9ca000d75d1fc4d74d049eeeb86ce3cdc9aa468f72493652dc0a1f013d54081e748ba45
SHA1 hash: 456b53624ad74b5a2136fb7b3a76f91c02dc640a
MD5 hash: 43ba885b3accf0fbe811a0a42517bf13
humanhash: earth-black-michigan-oranges
File name:Pdf-1790098475756783844-022349.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:403'684 bytes
First seen:2020-07-07 17:27:54 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:6S29tT/ZPz42wmfszjIsDOcLUG0h7r3fU4Q7xdz4QjKCDN/01RlngneL/w+FFtIU:6S29tThPzGzjTt8cbzdrsHEeLNFFgo9N
TLSH 2D842376BD589F82A44AE80A3758CAFFF683882D01940A72BD2154B1094BFF6F17F1D5
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: tryit.com
Sending IP: 2.56.8.140
From: accountpayable <accountpayable@afslogistics.in>
Subject: Re: Payment Advice Confirmation & Details
Attachment: Pdf-1790098475756783844-022349.zip (contains "Pdf-1790098475756783844-022349.exe")

AgentTesla SMTP exfil server:
mail.chenklins.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BackDoor.SpyBotNET.17.25262.5791.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8a2e7413aa889c4a9842a0daf744b2b7a2fde2fb8a8d0ec660fb54ec61df1b20/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-07 14:02:42 UTC
AV detection:
34 of 48 (70.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rixhie5krcoevgccudnporfsw6rp3yx3rkgq5rta7nkoyyo7dmqa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 8a2e7413aa889c4a9842a0daf744b2b7a2fde2fb8a8d0ec660fb54ec61df1b20

(this sample)

AgentTesla

Executable exe b04580b535d7a018ff5b8933e399b7b1497b3dfa896798fef656412a925ceb78

  
Dropping
MD5 0febb8e8fefe6d08dadbe30e8a552ec1
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b04580b535d7a018ff5b8933e399b7b1497b3dfa896798fef656412a925ceb78

Comments