MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8d6c35628f0fde8c716876412da5ad2f94663446f56b17d08f6482d85bf4dcd3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8d6c35628f0fde8c716876412da5ad2f94663446f56b17d08f6482d85bf4dcd3
SHA3-384 hash: ec66fa53d2bf5b43eb1502970bdd7640c709dca537a6024e536e0745803774e91e8584f3ea0bdb67607b041743e4aefe
SHA1 hash: 466ad8c8ce7f2ca02314590df24d465fd94e286b
MD5 hash: 29f72c8d176293f1215e4f7e4ff0d7ad
humanhash: indigo-ceiling-tango-bakerloo
File name:Balance Payment Performance invoice 17082020.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'441'792 bytes
First seen:2020-08-18 07:40:22 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 24576:Xosev9eD2kTGtg5tSqi7EQuFk3Jt2MWZl:dev9eWgji7u6Zt2MWZ
TLSH 7565F02132C9A35CC5B917390D10534A13F6AD06AA21C9D97DCF325C9E7EBAFC76138A
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: alnassar.com.sa
Sending IP: 162.244.93.110
From: Financial dept <syed.magdoom@agpowerme.com>
Reply-To: syed.magdoom@agpowerme.com
Subject: PI_Balance Payment
Attachment: Balance Payment Performance invoice 17082020.img (contains "Balance Payment Performance invoice 17082020.exe")

AgentTesla SMTP exfil server:
smtp.seldon-petroleum.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8d6c35628f0fde8c716876412da5ad2f94663446f56b17d08f6482d85bf4dcd3/
Threat name:
ByteCode-MSIL.Trojan.FormBook
Create hunting rule
Status:
Malicious
First seen:
2020-08-17 12:56:22 UTC
AV detection:
19 of 48 (39.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rvwdkyupb7piy4liozas3jnnf6kgmncg6vvrpuepmsbnqw7u3tjq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 8d6c35628f0fde8c716876412da5ad2f94663446f56b17d08f6482d85bf4dcd3

(this sample)

AgentTesla

Executable exe b5079461ffd9400417d650bbfab5478eac97e86a4a65c9e2b286bf52345b761e

  
Dropping
MD5 af4718940f31da662e2635d8423a7ad3
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b5079461ffd9400417d650bbfab5478eac97e86a4a65c9e2b286bf52345b761e

Comments