MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8c0888faa4ebf3f00411c6afd35385d5fb2127f25992d578bc61498b71624aa5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 8c0888faa4ebf3f00411c6afd35385d5fb2127f25992d578bc61498b71624aa5
SHA3-384 hash: bac4a3c5cb37d78dd3142648bd0b93c57f62a86d7402bf51c4fde7f58bec195a7255c393447d84f7d74a1481c999690e
SHA1 hash: a343a109fa092e9ddd63f06a3eb7aa1c5f2afac2
MD5 hash: b98b464a9b622bc62df6b74f2919a523
humanhash: robert-paris-jersey-twenty
File name: LIST0117398902791PDF.7z
Signature: AgentTesla
File size: 967'461 bytes
First seen: 2020-06-08 12:21:06 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:fB9g5BZwhH//VZT0GWUqImzFOOryKzk1iSMvdjRXYo1iKu:fMPwhH//VZCU/mzgOryEUiBvdSo1bu
TLSH: 272523EA345EA1078334541CD9A00FBBC93AB5FE1FE4AD4F79426776B12235B81318D9
Reporter: abuse_ch
Tags: 7z AgentTesla


abuse_ch
Malspam distributing AgentTesla:

HELO: linux1117.grserver.gr
Sending IP: 95.216.16.146
From: Andrea Serra <sales@higinfu.com>
Subject: Offer
Attachment: LIST0117398902791PDF.7z (contains "LIST0117398902791PDF.exe")

AgentTesla FTP exfil server:
ftp.solarcenter.ro:21

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.AitInject
Status: Malicious
First seen: 2020-06-08 09:51:14 UTC
AV detection: 23 of 48 (47.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 8c0888faa4ebf3f00411c6afd35385d5fb2127f25992d578bc61498b71624aa5 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
