MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e95206fd4cd6d27709f21e5cb4fb003aaaf4ef77b0d29cb0616033416724924. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8e95206fd4cd6d27709f21e5cb4fb003aaaf4ef77b0d29cb0616033416724924
SHA3-384 hash: 73c4417d6f40dc729bc37323725ef6ad04c1cd89d92288e94cc37b341a65f67f369e85bcaa943fd5ad50f2b877e80455
SHA1 hash: 92e297f89714941850a0c498887f91afe47e7da0
MD5 hash: 59179c6133c3860fe5c54f45b6a99900
humanhash: april-burger-cola-cup
File name:Quotation.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:390'161 bytes
First seen:2020-06-15 14:16:52 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:I6Swb8zptQH0ga6WtvGv9TmeUxhs3ZfRNSw3lhlsILJ2t58jAEyOYIltUmEn8yx:I6STQUga5gHmhs3ZfRTZkt58jDVnltvs
TLSH 1584235B6F950F35A00F57A3968167087FEE36DB0BEA26E22AD9C575334109878732F0
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: webmail.cyber.net.pk
Sending IP: 203.101.175.37
From: Werner Götz <premer@cyber.net.pk>
Subject: Urgent request new order//Quotation List
Attachment: Quotation.zip (contains "Quotation.exe")

AgentTesla SMTP exfil server:
smtp.zoho.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.21199.ZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 12:34:35 UTC
AV detection:
32 of 47 (68.09%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=r2ksa36uzvwso4e7ehs4wt5qaovk6txxpmgstsygcybtiftsjesa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 8e95206fd4cd6d27709f21e5cb4fb003aaaf4ef77b0d29cb0616033416724924

(this sample)

AgentTesla

Executable exe a31a7dcf9c8cdf9d549d3d895ba3d23cb6bc26d6eaf243dfd32e04de4ddd7cc3

  
Dropping
MD5 fd41606a94ba5967d637d5d078cb01b2
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a31a7dcf9c8cdf9d549d3d895ba3d23cb6bc26d6eaf243dfd32e04de4ddd7cc3

Comments