MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8ac7dc13b91d56b89c18e80e8df0c1c64df610ae8219cd1a2bfed7d6de3e3123. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8ac7dc13b91d56b89c18e80e8df0c1c64df610ae8219cd1a2bfed7d6de3e3123
SHA3-384 hash: dde0835dad08283f19c91d8c1a27b08b76a1dd517c73ba252c87b5453d456f1851ce75c12fda2807c0041d74ddefdfef
SHA1 hash: 33ac1fb895332ed22efdb0bb79bca11276d1bd0b
MD5 hash: a423113c6e87dda2d6ecb36e6e604e11
humanhash: six-blue-floor-chicken
File name:Order-No 20200708 pdf.xz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:630'549 bytes
First seen:2020-07-10 17:58:25 UTC
Last seen:Never
File type: xz
MIME type:application/x-rar
ssdeep 12288:IquNXlkdPC8J75hBK68yskuFERnkgR+9PmgRCTOc3KJZAHL3C8wq8p:ItWgy757KzyskNkgR+9u9fVwq8
TLSH 55D42312C93977F9A141EFC121A808A06B77CCD7AEA29F1E94C06A55DFC4DC2C9E164E
Reporter abuse_ch
Tags:AgentTesla xz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mailchk-m01.uwaterloo.ca
Sending IP: 129.97.128.238
From: Luca Favari <ptacek@uwaterloo.ca>
Subject: New Purchase Order -2020007
Attachment: Order-No 20200708 pdf.xz (contains "Order-No 20200708 pdf.exe")

AgentTesla SMTP exfil server:
smtp.sbcglebal.net:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27342.RarHeur.v5.HideExt.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8ac7dc13b91d56b89c18e80e8df0c1c64df610ae8219cd1a2bfed7d6de3e3123/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-10 18:00:07 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rld5ye5zdvllrhay5ahi34gbyzg7mefoqim42grl73l5nxr6gerq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

xz 8ac7dc13b91d56b89c18e80e8df0c1c64df610ae8219cd1a2bfed7d6de3e3123

(this sample)

AgentTesla

Executable exe 2e6c9cf68a8bcca1eb368038a06f47566eb7fd3eb6ea6919bcbd293dbadf1e11

  
Dropping
MD5 96be544435702043037ddad6334cbb89
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2e6c9cf68a8bcca1eb368038a06f47566eb7fd3eb6ea6919bcbd293dbadf1e11

Comments