MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8b9cb8a0deb74e13ccb914868f66e8ec7b20dc0cc566c1334bb502f7d4064034. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Malware family: AgentTesla
Vendor detections: 3

SHA256 hash: 8b9cb8a0deb74e13ccb914868f66e8ec7b20dc0cc566c1334bb502f7d4064034
SHA3-384 hash: be8e392edc9cddc6090f1c8937cdd2b7c8753adc03fb991b7b4e7bb9d95b0ec263637bd7580cd7ec40694c6e280873c0
SHA1 hash: b30a24010759db97140414391143489f8e13c0cd
MD5 hash: 8768b5b7bf033767318aa0481c2f53cf
humanhash: eight-artist-ten-pasta
File name: ITIALIA SEPA PRODUCTZION REQUEST FOR COV-19 INV-029302938.7z
Signature: AgentTesla
File size: 441'401 bytes
First seen: 2020-04-05 09:23:47 UTC
Last seen: Never
File type: 7z
MIME type: application/x-rar
ssdeep: 6144:5fW/SpcY5Z8NBuvtj/DSsgTeFx4UdLPxg5lp0cTLcOQVEnfPpFy4WTrW9HT7L:5fW/NYv8Nov5/esgyX4UxZE0mLH1WCb
TLSH: D39423A9E674B0AEB9F797F3F2FCF2946C263588823C7092651E254B07A5D41D27CD01
Reporter: abuse_ch
Tags: 7z AgentTesla COVID-19


Comment by abuse_ch:
COVID-19 themed malspam distributing AgentTesla:

HELO: h55.sserv.ru
Sending IP: 95.215.177.133
From: ITALIA SEPA <vladimir@naksealing.ru>
Subject: URGENT COVID-19 ORDER ITIALIA SEPA
Attachment: ITIALIA SEPA PRODUCTZION REQUEST FOR COV-19 INV-029302938.7z (contains "ITIALIA SEPA PRODUCTZION REQUEST FOR COV-19 INV-029302938.exe")

AgentTesla FTP exfil server:
ftp.fox8live.com:21 (207.191.38.36)

Intelligence

File Origin
# of uploads: 1
# of downloads: 82
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Agensla
Status: Malicious
First seen: 2020-04-05 09:35:48 UTC
File Type: Binary (Archive)
Extracted files: 18
AV detection: 14 of 47 (29.79%)
Threat level: 2/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
Sample: 7z 8b9cb8a0deb74e13ccb914868f66e8ec7b20dc0cc566c1334bb502f7d4064034 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
