MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e5cecd4cb7dc05c2baa1013e11235769219e19542558760e474230ef7cf1fd2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8e5cecd4cb7dc05c2baa1013e11235769219e19542558760e474230ef7cf1fd2
SHA3-384 hash: d2544cd16c08cb2389be5015b761473c91e6705066bb2c35ddafb0decc28272b1c415184b40c8a95cba1207ba4e11fa4
SHA1 hash: ee03f0f17980553b6384025df039e2e32d5b8e8b
MD5 hash: 6fdff1d3a5e5343b438e659accb00910
humanhash: saturn-delta-avocado-fix
File name:attachments.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'078'441 bytes
First seen:2020-06-01 19:59:01 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:yrh+zqQVb+6rekhyfMcaQYMuXi0K4H2a8ep:ah++QVbzreks4Bik2nep
TLSH 1F353308C463D423F5B84B9FB9EECD91135BAD4B0CA0106935BFBAA2DF1753784E548A
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: vistagroup.co.nz
Sending IP: 193.142.58.25
From: Maria Obrain <purchase01@vistagroup.co.nz>
Reply-To: Maria Obrain <stavecrotts9618@mail.ru>
Subject: RFQ- Order Attached and Sanitary Fixtures
Attachment: attachments.zip (contains "RFQ- Order Attached and Sanitary Fixtures.exe")

AgentTesla SMTP exfil server:
premium71.web-hosting.com:26

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27681.XorExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-01 10:50:35 UTC
AV detection:
30 of 48 (62.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rzoozvglpxafyk5kcaj6cervo2jbtymvijkyoyheoqrq556pd7ja._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 8e5cecd4cb7dc05c2baa1013e11235769219e19542558760e474230ef7cf1fd2

(this sample)

AgentTesla

Executable exe 68d01ee51cc0c90ef40afbd0b6a914de7d80c8cc347ffd80c1a7e0e888bde437

  
Dropping
MD5 0efcd3473844bd9135fdeb0344881102
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 68d01ee51cc0c90ef40afbd0b6a914de7d80c8cc347ffd80c1a7e0e888bde437

Comments